Scan results for 22.06.179

OpenSCAP and vulnerability scan report:

Prisma Cloud Compute release: 22.06 (22.06.179)

Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.5

Benchmark URL: scap-security-guide-0.1.62/ssg-rhel8-ds-1.2.xml

Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8

Profile ID: xccdf_org.ssgproject.content_profile_stig

Compared to IronBank’s UBI8-minimal, Version 8.6, Build Date: 2022-06-06

twistlock/private:console_22_06_179

Findings for Prisma Cloud Compute Console.

You can find the OpenSCAP report here

Rule_ID	Compute finding	IronBank finding	Justification
xccdf_org.ssgproject.content_rule_accounts_authorized_local_users	Fail	Pass	local accounts include: twistlock = non-root account for service, mongod = mongoDB database & saslauth = authentication libraries. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_csh_cshrc:def:1	Fail	Pass	Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_profile:def:1	Fail	Pass	Umask 027. Application is a non-interactive container. There is no interactive console session with the container.

You can find the full vulnerabilities report here.

No patches for existing vulnerabilities available at time of release

Findings for Prisma Cloud Compute Defender.

You can find the OpenSCAP report here.

Rule_ID	Compute finding	IronBank finding	Justification
oval:ssg-accounts_umask_etc_csh_cshrc:def:1	Fail	Pass	Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_profile:def:1	Fail	Pass	Umask 027. Application is a non-interactive container. There is no interactive console session with the container.

You can find the full vulnerabilities report here.

No patches for existing vulnerabilities available at time of release