harbor/docs/administration/vulnerability-scanning/configure-system-allowlist.md

---
title: Configure System-Wide CVE Allowlists
weight: 50
---

When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create allowlists of CVEs to ignore during vulnerability scanning. 

You can set a system-wide CVE allowlist or you can set CVE allowlists on a per-project basis. For information about per-project CVE allowlists, see [Configure a Per-Project CVE Allowlist](../../working-with-projects/project-configuration/configure-project-allowlist.md).

System-wide CVE allowlists apply to all of the projects in a Harbor instance.

1. Go to **Configuration** > **System Settings**.
1. Under **Deployment security**, click **Add**. 
   ![System-wide CVE allowlist](../../../img/cve-allowlist1.png)
1. Enter the list of CVE IDs to ignore during vulnerability scanning. 
   ![Add system CVE allowlist](../../../img/cve-allowlist2.png)

   Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
1. Click **Add** at the bottom of the window to add the list.
1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the allowlist.
   ![Add system CVEs](../../../img/cve-allowlist3.png)
1. Click **Save** at the bottom of the page to save your settings.
   
After you have created a system allowlist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system allowlist.

![Add and remove system CVEs](../../../img/cve-allowlist4.png)
Begin restructuring Markdown and file names Signed-off-by: lucperkins <lucperkins@gmail.com> 2020-01-24 23:59:16 +01:00			`---`
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`title: Configure System-Wide CVE Allowlists`
Adding weightings to order topics 2020-02-11 16:24:43 +01:00			`weight: 50`
Begin restructuring Markdown and file names Signed-off-by: lucperkins <lucperkins@gmail.com> 2020-01-24 23:59:16 +01:00			`---`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create allowlists of CVEs to ignore during vulnerability scanning.`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`You can set a system-wide CVE allowlist or you can set CVE allowlists on a per-project basis. For information about per-project CVE allowlists, see [Configure a Per-Project CVE Allowlist](../../working-with-projects/project-configuration/configure-project-allowlist.md).`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`System-wide CVE allowlists apply to all of the projects in a Harbor instance.`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00
			`1. Go to Configuration > System Settings.`
			`1. Under Deployment security, click Add.`
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`![System-wide CVE allowlist](../../../img/cve-allowlist1.png)`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00			`1. Enter the list of CVE IDs to ignore during vulnerability scanning.`
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`![Add system CVE allowlist](../../../img/cve-allowlist2.png)`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00
			`Either use a comma-separated list or newlines to add multiple CVE IDs to the list.`
			`1. Click Add at the bottom of the window to add the list.`
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`1. Optionally uncheck the Never expires checkbox and use the calendar selector to set an expiry date for the allowlist.`
			`![Add system CVEs](../../../img/cve-allowlist3.png)`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00			`1. Click Save at the bottom of the page to save your settings.`

Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`After you have created a system allowlist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click Add to add more CVE IDs to the system allowlist.`
Adding CVE whitelists 2019-10-18 15:42:48 +02:00
Replace all whitelist with allowlist Signed-off-by: AllForNothing <sshijun@vmware.com> 2020-06-22 04:34:03 +02:00			`![Add and remove system CVEs](../../../img/cve-allowlist4.png)`