About enkido

enkido

to be a bit more precise: The same image scanned in the runtime radar, will report vulnerabilities found in packages used by our packages, while the jenkins initiated scan only finds vulnerabilities in direct dependencies, for examples packages directly specified in the package.json, but not their dependencies. Isn't there any way to get all dependencies transitively/recursively scanned?

enkido

We have setup twistlock / prisma cloud to scan our images for vulnerabilities and compliance. While given the same rules, the runtime defence radars discover 2 vulnerabilities and 2 compliance violations in a particular image, when I run a scan with prismaCloudScanImage jenkinsplugin, it only reports the 2 compliance issues, but not the vulnerabilities! Does anyone know what could be the issue?

Member Since	4 weeks ago
Date Last Visited	2 weeks ago
Posts	2

Online Status	Offline
Date Last Visited	2 weeks ago

About enkido

Re: prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

Re: prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

Network Security

Cloud Security

Security Operations

About enkido

Re: prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

Re: prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars

prismaCloudScanImage doesn't find vulnerabilities that are otherwise discovered with runtime radars