What files does twistlock search for when scanning images?
8412
Created On 02/07/22 11:54 AM - Last Modified 04/22/22 17:40 PM
Question
- What files does Twistlock scan for?
- What package info files do we search for when scanning images?
- Do we support nested jar files scanning?
- How container vs host scanning differ when it comes to software package info?
Environment
- Prisma Cloud Compute (Twistlock)
- Vulnerabilities Scanning
- Software Dependencies
- Package Info
Answer
- Prisma Cloud can scan images, repositories, functions etc and identify vulnerabilities in your software’s dependencies.
- As in the context of Java, we look for pom.xml inside jar files.
- For Python we look for PKG-INFO (METADATA and .dist-info) and .egg-info.
- As for nested jars, yes we do support it. In particular, we detect jar files that are inside .ear files, .ear files can contain a collection of jars indeed. So basically, we detect the jar itself and the files inside (one layer) and for ear we detect the jars inside the ear and their content (two layers of nesting).
- Overall, Prisma Cloud supports the following package types:
- Distro packages (deb, rpm).
- Binaries.
- Nodejs packages.
- Python packages.
- Ruby gems.
- Java artifacts (JAR files).
- Yes, We support Nested Jar file scanning.
- Finally, it's important to remember, there is a difference in the way we scan containers, compared to how we scan hosts:
- When we scan a container/image, we scan every file exists in the container/image file system.
- For hosts, we have performance impact if we scan all files, so the design is that we scan only the files that are being used by the running processes in the system.
- Having a jar in host disk is not enough to scan it, we scan that jar only if it is running, in other words in hosts we scan vulnerabilities only for running services/processes.