07-02-2024 11:56 AM
Right now, my team has scans for our images set up as part of our CI/CD pipelines, and the scans are compared against our preferred policies. What we're looking for now, though, is the ability to know when an image, which previously passed the scan, contains a newly discovered vulnerability. In other words:
1) We deploy an image via our CI/CD pipelines. The scan finds no vulnerabilities that violate our policy.
2) After that date, a new vulnerability is found, which didn't show up in the CI/CD scan since it wasn't known at the time.
3) We get notified that a previously deployed image, which had passed the scan before, is now failing our vulnerability policy.
Is there any way to do this without just re-scanning previously deployed images? We looked at the registry alerts, but that seems like it would produce alerts every day that a particular image is failing the scan (we don't want repeat alerts for the same image/vulnerability).
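
One way to avoid the repeat alerts mentioned in the question, shown as an added example that is not part of the original post and not any product's API: keep the set of (image, vulnerability) pairs already reported and alert only on pairs that are new in the latest scan report. The report format, field names, image reference, vulnerability IDs and severity threshold are all assumptions.

```python
# Added example: suppress repeat alerts by remembering which
# (image, vulnerability) pairs have already been reported.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def failing(findings, min_severity="high"):
    """Return the set of (image, vuln_id) pairs that violate the policy."""
    threshold = SEVERITY_RANK[min_severity]
    return {(f["image"], f["vuln_id"]) for f in findings
            if SEVERITY_RANK[f["severity"]] >= threshold}

def daily_alerts(findings, already_notified, min_severity="high"):
    """Compare the latest report with the pairs alerted on earlier runs.

    Returns (new_alerts, state). new_alerts holds pairs that were not failing
    at the previous run; state is the set to persist for the next run. Pairs
    that stopped failing drop out of state, so a regression alerts again.
    """
    current = failing(findings, min_severity)
    new_alerts = sorted(current - already_notified)
    return new_alerts, current

def replay(reports, min_severity="high"):
    """Run several consecutive reports and collect the alerts sent each day."""
    state, sent = set(), []
    for report in reports:
        alerts, state = daily_alerts(report, state, min_severity)
        sent.append(alerts)
    return sent

# Constructed sample data: hypothetical image reference and placeholder IDs.
IMAGE = "registry.example/app@sha256:placeholder"
DAY1 = [{"image": IMAGE, "vuln_id": "VULN-0001", "severity": "medium"}]
DAY2 = DAY1 + [{"image": IMAGE, "vuln_id": "VULN-0002", "severity": "critical"}]
DAY3 = list(DAY2)  # same findings as day 2: nothing new to report

if __name__ == "__main__":
    for day, alerts in enumerate(replay([DAY1, DAY2, DAY3]), start=1):
        print(f"day {day}: {alerts}")
```

In practice the returned state would be written to durable storage between runs; here it is only passed in memory.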