Vulnerability scanning for Extend apps
Overview
AGS scans all images of your running Extend apps to identify potential vulnerabilities. AGS scans each image immediately after upload, then runs periodic scans every Sunday at 00:00 UTC. Each scan produces a security report per app that lists detected vulnerabilities, their severity, and recommended fixes. AGS categorizes vulnerabilities by severity: low, medium, high, and critical.
These reports keep you informed about your Extend apps' security status so you can prioritize updates and fixes.
Subscribe to an Extend app to receive email notifications when critical vulnerabilities are detected. See Turn on alerts.
View scan results of an Extend app image
- On the Extend app's details page, click Image Version History. A list of all image versions of the Extend app appears.
- Image versions with detected vulnerabilities have a warning icon. Click Scan Results to view the full security report for that image.

If AGS detects critical vulnerabilities in the current (latest deployed) image of an Extend app, a banner appears at the top of the app's details page. Click See Scan Results on the banner to view the full report.
Turn on alerts
- On the Extend app's details page, click Subscribe.
- Select Image Vulnerability to receive email notifications when critical vulnerabilities are detected.
- To also receive notifications when the app goes down, select All instead.
- To stop receiving notifications, unsubscribe from the Extend app.
For details on managing subscribers, see Manage Extend app notifications and subscribers.
Scan result severity definition
| Name | Description | Example |
|---|---|---|
| CRITICAL | This is the most severe level, where vulnerabilities could lead to a complete system compromise. Immediate remediation is strongly recommended. | Vulnerabilities that allow remote code execution, unpatched zero-day exploits, or critical data leaks that provide full access to system resources. |
| HIGH | Vulnerabilities with a high severity are serious and could potentially be exploited to compromise the system's confidentiality, integrity, or availability. | Weak encryption algorithms, flaws that could lead to privilege escalation, or exposure to attacks like SQL injection if exploited in specific ways. |
| MEDIUM | This severity indicates a vulnerability that poses a moderate risk. Exploiting these could impact functionality or lead to some level of exposure but is not considered critical. | Libraries with issues that could be exploited in specific scenarios, like allowing attackers to gain limited access to data under certain conditions. |
| LOW | Vulnerabilities at this level represent minor security risks. They may have limited impact and are typically harder for attackers to exploit. | Minor issues like minor version mismatches or deprecated code that does not directly affect security. |
| INFORMATIONAL | This level includes vulnerabilities that are not an immediate threat, but provide information about potential weaknesses or configurations. These are generally low-priority items that don't currently impact security but might still be worth addressing. | An outdated package that has no known vulnerabilities but may not follow best practices. |
| UNDEFINED | The vulnerability might be newly discovered, and the assessment process is still in progress. The vulnerability was not assigned a priority by the CVE source. | A newly discovered vulnerability with incomplete analysis or lacking a CVSS score, awaiting further assessment to determine its impact. |