https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-detecting-cves-when-pulled-but-not-during-scan-job-in-ci/m-p/458472#M438 <P>Could you be running into a tagging issue? Are you pushing hardened-image:$build-id and then pulling latest? Curious to know what you found out or how you resolved this!</P> Wed, 12 Jan 2022 23:12:07 GMT david_michael 2022-01-12T23:12:07Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-detecting-cves-when-pulled-but-not-during-scan-job-in-ci/m-p/454407#M433 <P>So, I'm basically pulling the base images of the certain OS,&nbsp; and hardening them to reload onto another registry. When I pull the image and harden and push, under CI Scans of (Gitlab) of my pipeline. I don't get any CVEs. But when I pull the same image which I pushed to the last registry and run the ci scan with only a docker file which contains only&nbsp;</P> <P>`FROM (hardened-image)` I'm getting vulnerabilities, I do not understand what is happening and why it is happening, can someone help me?</P> <P>&nbsp;</P> Tue, 08 Feb 2022 00:02:16 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-detecting-cves-when-pulled-but-not-during-scan-job-in-ci/m-p/454407#M433 connor_verlekar 2022-02-08T00:02:16Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-detecting-cves-when-pulled-but-not-during-scan-job-in-ci/m-p/458472#M438 <P>Could you be running into a tagging issue? Are you pushing hardened-image:$build-id and then pulling latest? Curious to know what you found out or how you resolved this!</P> Wed, 12 Jan 2022 23:12:07 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-detecting-cves-when-pulled-but-not-during-scan-job-in-ci/m-p/458472#M438 david_michael 2022-01-12T23:12:07Z