Software is typically added to an image through a package manager such as apt, yum, or npm. Prisma Cloud draws on a diverse set of upstream vulnerability data sources covering many package managers across operating systems, including Node, Python, Java, and Ruby components. In these cases, Prisma Cloud uses the package manager's metadata to discover the installed components and their versions, and compares them against the real-time CVE feed delivered via the Intelligence Stream. Sometimes, however, software is installed into an image without a package manager: a Dockerfile ADD (or COPY) instruction drops a prebuilt binary into the image, or the software is built from source with a configure, make, install sequence. In these cases the package manager's database holds no record of the application, so the metadata that vulnerability scanning normally relies on does not exist.
Prisma Cloud uses a variety of analysis techniques to recover metadata (the component name and version) for software that was not installed via a package manager. The results feed the same vulnerability detection and blocking mechanisms used for packaged software, so you continue to get a single view of all the vulnerabilities in an image, whether they originate from the distribution layer, an application package manager, or software added independently.
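To make the distinction concrete, here is an added example (not Prisma Cloud code, and not a description of how its scanner works internally) of the two inventory paths a scanner has to cover. It inverts a dpkg file index to decide which executables in an image are owned by a package, reads their versions from the dpkg status database, and for everything else falls back to a simple heuristic that looks for a version string next to the program name inside the binary. All inputs (the dpkg status stanzas, the `.list` file contents, the executable listing and the binary blobs) are constructed inline; the paths `/usr/local/bin/node` and `/opt/app/bin/myserver` are hypothetical.

```python
"""Inventory executables in a container image: package-manager-tracked vs. untracked.

Added example, not Prisma Cloud code. All sample data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for /var/lib/dpkg/info/<pkg>.list (one owned path per line).
DPKG_FILE_LISTS = {
    "curl": "/usr/bin/curl\n/usr/share/doc/curl/copyright\n",
    "openssl": "/usr/bin/openssl\n/usr/lib/x86_64-linux-gnu/libssl.so.1.1\n",
}

# Constructed stand-in for /var/lib/dpkg/status, reduced to the fields we need.
DPKG_STATUS = """\
Package: curl
Status: install ok installed
Version: 7.74.0-1.3+deb11u7

Package: openssl
Status: install ok installed
Version: 1.1.1n-0+deb11u5
"""

# Constructed listing of executables found in the image filesystem.
IMAGE_EXECUTABLES = [
    "/usr/bin/curl",             # installed with apt
    "/usr/bin/openssl",          # installed with apt
    "/usr/local/bin/node",       # hypothetical: dropped in with a Dockerfile ADD
    "/opt/app/bin/myserver",     # hypothetical: built via configure/make/install
]

# Constructed byte blobs standing in for the contents of the untracked binaries.
BINARY_CONTENTS = {
    "/usr/local/bin/node": b"\x7fELF\x02\x01\x01...node/v16.20.2\x00...",
    "/opt/app/bin/myserver": b"\x7fELF\x02\x01\x01...myserver 2.1.0 (linux)\x00",
}


@dataclass
class Component:
    name: str
    version: Optional[str]
    path: str
    source: str  # "dpkg" (package metadata) or "binary-heuristic" (no package record)


def parse_dpkg_status(text: str) -> Dict[str, str]:
    """Return {package: version} for every stanza whose Status ends in 'installed'."""
    packages = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if fields.get("Status", "").endswith("installed"):
            packages[fields["Package"]] = fields["Version"]
    return packages


def build_file_index(file_lists: Dict[str, str]) -> Dict[str, str]:
    """Invert the per-package .list files into {path: package}, the lookup `dpkg -S` performs."""
    index = {}
    for package, listing in file_lists.items():
        for path in listing.splitlines():
            if path:
                index[path] = package
    return index


def guess_version(blob: bytes, name: str) -> Optional[str]:
    """Heuristic fingerprint: a dotted version following the program name, e.g. 'node/v16.20.2'."""
    pattern = re.escape(name.encode()) + rb"[/ v]*(\d+\.\d+\.\d+)"
    match = re.search(pattern, blob)
    return match.group(1).decode() if match else None


def inventory(executables: List[str], file_lists: Dict[str, str],
              status: str, contents: Dict[str, bytes]) -> List[Component]:
    """Attribute each executable to a package when possible; otherwise fingerprint the binary."""
    versions = parse_dpkg_status(status)
    owned_by = build_file_index(file_lists)
    components = []
    for path in executables:
        if path in owned_by:
            package = owned_by[path]
            components.append(Component(package, versions.get(package), path, "dpkg"))
        else:
            name = path.rsplit("/", 1)[-1]
            version = guess_version(contents.get(path, b""), name)
            components.append(Component(name, version, path, "binary-heuristic"))
    return components


if __name__ == "__main__":
    for c in inventory(IMAGE_EXECUTABLES, DPKG_FILE_LISTS, DPKG_STATUS, BINARY_CONTENTS):
        print(f"{c.path:28} {c.name:10} {c.version or '?':22} [{c.source}]")
```

On a real Debian-based image the same data comes from `/var/lib/dpkg/status` and `/var/lib/dpkg/info/*.list` (on RPM-based images, `rpm -qf <path>` answers the ownership question). The point of the split is the two untracked entries: without the fallback they would carry no version at all and could never be matched to a CVE feed, which is exactly the gap the page describes. The string heuristic is deliberately simple; a stripped or statically linked binary with no embedded version string still comes back as `None` and has to be reported as unknown rather than assumed clean.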
The following apps are currently supported. This list may be extended in response to customer requests for additional coverage.
Nothing is required to enable the functionality described in this article; it is enabled by default.
The following screenshot shows a vulnerability scan report in which a vulnerability was found in a binary that was not installed into the image with a package manager:
Customers can open a support ticket to request support for additional binaries beyond those listed above.