Scan results for 30.03.122
Expand all | Collapse all
Scan results for 30.03.122
OpenSCAP and vulnerability scan report:
Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.8
Benchmark URL: scap-security-guide-0.1.68/ssg-rhel8-ds.xml
Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
Profile ID: xccdf_org.ssgproject.content_profile_stig
Compared to IronBank’s UBI8-minimal, Version 8.8, Build Date: 2023-05-03T15:02:09
twistlock/private:console_30_03_122
Findings for Prisma Cloud Compute Console.
OpenSCAP report
You can find the OpenSCAP report
here
Rule_ID | Compute finding | IronBank finding | Justification |
xccdf_org.ssgproject.content_rule_accounts_authorized_local_users | | | Local accounts include: twistlock = non-root account for service, mongod = mongoDB database & saslauth = authentication libraries. Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_user_interactive_home_directory_exists | | | Non-interactive / non-root user twistlock does not have a home directory (/home/twistlock). |
Vulnerabilities full report
You can find the full vulnerabilities report
here.
CVE | Package | Version | Fix Status | Justification |
| | | | The package is a transitive dependency that is being pulled with k8s.io/client-go and k8s.io/kube-openapi, and is not being used directly in the Compute Defender and Console. |
twistlock/private:defender_30_03_122
Findings for Prisma Cloud Compute Defender.
OpenSCAP report
You can find the OpenSCAP report
here.
Vulnerabilities full report
You can find the full vulnerabilities report
here.
CVE | Package | Version | Fix Status | Justification |
| | | | The package is a transitive dependency that is being pulled with k8s.io/client-go and k8s.io/kube-openapi, and is not being used directly in the Compute Defender and Console. |
