Methodology

Every release of Prisma Cloud Compute we perform an SCAP scan of the Console and Defender images and post the results here. This process is based upon the U.S. Air Force’s Platform 1 "Repo One" OpenSCAP scan of the Prisma Cloud Compute images. We then compare the scan results to IronBank’s latest approved UBI8-minimal scan findings, any discrepancies are addressed or justified and the results are posted here.
The scanning process is as follows:
  1. Build RedHat Enterprise Linux server
  2. Install openscap-utils package
  3. Pull the latest SCAP content from the Compliance as Code GitHub repository.
  4. Scan the Console and Defender images
    oscap-podman <imageID> xccdf eval \ --fetch-remote-resources \ --profile xccdf_org.ssgproject.content_profile_stig \ --report scan_report_name.html scap-security-guide-*latest*/ssg-rhel8-ds.xml
  5. Compare findings against the IronBank daily issued UBI8-minimal image.

Recommended For You