1. Overview

Besides detecting software vulnerabilities (CVEs) and compliance issues (such as images configured to run as root), Prisma Cloud also detects malware in your container images. No special configuration is required to enable this feature.

Malware data is sourced from commercial providers, Prisma Cloud Labs, and open source lists. The image scanner looks for malware in binaries in the image layers, including the base layer.

Malware scanning and detection is supported for Linux container images only. Windows containers are not supported.

2. Detecting malware

When Prisma Cloud detects malware in an image, it logs the vulnerability in the image scan report.

To review the results of an image scan:

  1. Open Console, then go to Monitor > Vulnerabilities > Images.

  2. Click on an image to get a detailed report from the last image scan.

  3. In the detailed report, click on the Compliance tab.

    Issues with vulnerability ID 422 mean that your image contains a file with an MD5 signature of known malware.
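
To illustrate what an MD5 signature match across image layers means, the following added example (not Prisma Cloud's scanner or any Prisma Cloud API) hashes every regular file in each layer of an image archive and reports the files whose MD5 appears in a supplied list. It assumes a `docker save`-style archive held in memory; the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import tarfile

def md5_of(fileobj, chunk=1 << 16):
    """Stream a file through MD5 so large binaries are never loaded whole."""
    digest = hashlib.md5()
    while block := fileobj.read(chunk):
        digest.update(block)
    return digest.hexdigest()

def scan_layer(layer_bytes, known_md5, layer_name):
    """Return (layer, path, md5) for each regular file whose MD5 is listed."""
    with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as layer:
        files = filter(tarfile.TarInfo.isfile, layer)  # skip dirs, links, devices
        sums = ((m.name, md5_of(layer.extractfile(m))) for m in files)
        return [(layer_name, name, md5) for name, md5 in sums if md5 in known_md5]

def scan_image_archive(image_bytes, known_md5):
    """Scan every layer of a `docker save`-style archive, base layer included."""
    known = {h.strip().lower() for h in known_md5}
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r:*") as image:
        for member in filter(tarfile.TarInfo.isfile, image):
            try:  # assumption: any entry that parses as a tar is a layer
                hits += scan_layer(image.extractfile(member).read(), known, member.name)
            except tarfile.ReadError:
                pass  # manifest.json and other entries that do not parse as a tar
    return hits

def build_tar(files):
    """Build an in-memory tar from {path: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: a harmless marker stands in for a listed binary.
MARKER = b"constructed-sample-not-real-malware"
SAMPLE_IMAGE = build_tar({
    "manifest.json": b'[{"Layers": ["base/layer.tar", "app/layer.tar"]}]',
    "base/layer.tar": build_tar({"bin/sh": b"benign", "usr/lib/libx.so": MARKER}),
    "app/layer.tar": build_tar({"app/run": b"also benign"}),
})
print(scan_image_archive(SAMPLE_IMAGE, [hashlib.md5(MARKER).hexdigest()]))
```

An exact-hash match like this only identifies byte-identical files, so a file that differs from the listed sample by a single byte produces a different MD5 and is not reported.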

3. What’s next?

Custom malware data can be uploaded to Prisma Cloud. After you upload your data, it is used in all subsequent image scans.

For more information about uploading custom malware data to Console, see Import custom malware data.