This topic provides information about Cortex XSOAR Docker
Image Security practices.

The build process for Cortex XSOAR Docker images is
fully open source and available for review.
The project contains the source Dockerfiles used to build the images
and the accompanying files. Cortex XSOAR uses only the secure Docker
Hub registry for its Docker images. You can
view the Docker trust information for each image at the image info branch.

We automatically update our open source Docker images and their
accompanying dependencies (OS and Python). Examples of automatic
updates can be viewed on GitHub.

We maintain Docker image information which includes information
on Python packages, OS packages and image metadata for all our Docker
images. Data image information is

All of our images are continuously scanned using Prisma Cloud
and an additional third-party scanner. We evaluate all critical/high
findings and actively work to prevent and mitigate security vulnerabilities.

Cortex XSOAR ensures container images are fully patched and do
not contain unnecessary packages. Patches and dependencies are applied
automatically via our open source Dockerfiles build project.