1. Overview

Typically, software is added to container images and hosts with a package manager, such as apt, yum, npm. Prisma Cloud has a diverse set of upstream vulnerability data sources covering many different package managers across operating systems, including coverage for Go, Java, Node.js, Python, and, Ruby components. Prisma Cloud typically uses the package manager’s metadata to discover installed components and versions, comparing this data to the data in the Intelligence Stream’s realtime CVE feed.

Sometimes, you might install software without a package manager. For example, software might be built from source and then added to an image with the Dockerfile ADD instruction or you developers unzip the software from a tar ball to a location and host, utilize the application. In these cases, there is no package manager data associated with the application.

Prisma Cloud uses a variety of analysis techniques to detect metadata about software not installed by packages managers. These are purpose built differently for iamges and hosts. This analysis augments existing vulnerability detection and blocking mechanisms, giving you a single view of all vulnerabilities, regardless of it how the software is installed (distro’s package manage, language runtime package manager, or without a package manager).

2. Supported apps

The following list shows examples of the apps currently supported.

  • Kubernetes

  • OpenShift

  • Jenkins

  • Envoy

  • CRIO

  • Hashicorp Vault

  • Hashicorp Consul

  • WordPress

  • Redis

  • Nginx

  • Mongo

  • Mysql

  • Httpd

  • Java

  • Apache

  • Postgres

  • Node

  • Ruby

  • Python

  • PHP

Nothing is required to enable the functionality described in this article. It is enabled by default.

When vulnerabilities are detected in an unpackaged app, scan repots list the Type as Application.

unpackaged sw app vulns

Vulnerabilities of typei Application are carried in the Intelligence Stream’s app feed. Go to the CVE statistics section on the Manage > System > Intelligence page for more information.

unpackaged sw cve stats