Typically, software is added to container images and hosts with a package manager, such as apt, yum, or npm.
Prisma Cloud has a diverse set of upstream vulnerability data sources covering many different package managers across operating systems, including coverage for Go, Java, Node.js, Python, and Ruby components.
Prisma Cloud typically uses the package manager’s metadata to discover installed components and versions, comparing this data to the data in the Intelligence Stream’s realtime CVE feed.
Sometimes, you might install software without a package manager.
For example, software might be built from source and then added to an image with the Dockerfile ADD instruction, or developers might unpack the software from a tarball to a location on a host and run the application from there.
In these cases, there is no package manager data associated with the application.
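The following is an added example, not Prisma Cloud's own code, that makes the gap concrete: it reads Debian-style dpkg metadata from a root filesystem (package versions from var/lib/dpkg/status, per-package file lists from var/lib/dpkg/info/*.list) and reports executables that no package owns. Those unowned files, such as a binary copied in with ADD or unpacked from a tarball, are exactly the ones that package-manager metadata cannot inventory. The directory list in BIN_DIRS, the sample status stanzas, and the sample file layout are constructed for this example.

```python
"""Added example: find executables in a rootfs that no dpkg package owns.
Assumes a Debian-style layout; sample data below is constructed, not real."""
import os
import stat
import tempfile
from pathlib import Path

# Where application binaries usually land (assumption for this example).
BIN_DIRS = ("usr/bin", "usr/sbin", "usr/local/bin", "usr/local/sbin", "opt")


def parse_dpkg_status(text: str) -> dict[str, str]:
    """Map package name -> version for stanzas whose Status ends in 'installed'.
    Stanzas are blank-line separated; each line is 'Field: value'."""
    installed = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith(" "):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if fields.get("Status", "").endswith(" installed"):
            installed[fields["Package"]] = fields["Version"]
    return installed


def owned_files(root: Path) -> dict[str, str]:
    """Map image-absolute path -> owning package, from var/lib/dpkg/info/<pkg>.list."""
    owners = {}
    for list_file in sorted((root / "var/lib/dpkg/info").glob("*.list")):
        pkg = list_file.stem.split(":")[0]  # drop arch qualifier, e.g. libc6:amd64
        for path in list_file.read_text().splitlines():
            if path:
                owners[path] = pkg
    return owners


def find_unowned_executables(root: Path) -> list[str]:
    """Executables under BIN_DIRS that no dpkg package claims. A scanner has to
    fingerprint these by other means (binary contents, hashes, embedded strings)."""
    owners = owned_files(root)
    unowned = []
    for rel in BIN_DIRS:
        base = root / rel
        if not base.is_dir():
            continue
        for dirpath, _, filenames in os.walk(base):
            for name in filenames:
                full = Path(dirpath) / name
                if full.is_symlink() or not full.is_file():
                    continue
                if not (full.stat().st_mode & stat.S_IXUSR):
                    continue  # data/config files are not inventory targets here
                image_path = "/" + full.relative_to(root).as_posix()
                if image_path not in owners:
                    unowned.append(image_path)
    return sorted(unowned)


# Constructed sample rootfs: two installed packages, one removed package,
# plus files as they would appear after `ADD app.tar.gz /usr/local/`
# or a `make install` into /opt (no package owner).
SAMPLE_STATUS = """\
Package: curl
Status: install ok installed
Version: 7.88.1-10+deb12u5

Package: libc6
Status: install ok installed
Version: 2.36-9+deb12u4

Package: openssl
Status: deinstall ok config-files
Version: 3.0.11-1~deb12u2
"""
SAMPLE_LISTS = {"curl": ["/usr/bin/curl"],
                "libc6:amd64": ["/usr/lib/x86_64-linux-gnu/libc.so.6"]}
SAMPLE_FILES = {"usr/bin/curl": 0o755,            # owned by curl
                "usr/local/bin/myapp": 0o755,     # built from source, unowned
                "opt/tool/bin/tool": 0o755,       # unpacked from a tarball, unowned
                "usr/local/bin/config.ini": 0o644}  # not executable, skipped


def build_sample_rootfs(root: Path) -> Path:
    info = root / "var/lib/dpkg/info"
    info.mkdir(parents=True)
    (root / "var/lib/dpkg/status").write_text(SAMPLE_STATUS)
    for pkg, paths in SAMPLE_LISTS.items():
        (info / f"{pkg}.list").write_text("\n".join(paths) + "\n")
    for rel, mode in SAMPLE_FILES.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"#!/bin/sh\n")
        f.chmod(mode)
    return root


def scan_sample_rootfs() -> dict:
    """Build the constructed rootfs in a temp dir and scan it."""
    root = build_sample_rootfs(Path(tempfile.mkdtemp()))
    return {"installed": parse_dpkg_status((root / "var/lib/dpkg/status").read_text()),
            "unowned_executables": find_unowned_executables(root)}


if __name__ == "__main__":
    for key, value in scan_sample_rootfs().items():
        print(f"{key}: {value}")
```

Run against a real exported image filesystem (for example a `docker export` tarball unpacked to a directory) by pointing find_unowned_executables at that directory; the same idea applies to rpm-based images, with rpm's database in place of the dpkg info lists.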
Prisma Cloud uses a variety of analysis techniques to detect metadata about software not installed by package managers. These techniques are purpose-built separately for images and hosts.
This analysis augments the existing vulnerability detection and blocking mechanisms, giving you a single view of all vulnerabilities regardless of how the software was installed (distro package manager, language runtime package manager, or no package manager at all).