Cloud Pak for Data

 View Only
Expand all | Collapse all

Repository: cloudpak4data/dv-engine |Findings in Security Vulnerability Scans

  • 1.  Repository: cloudpak4data/dv-engine |Findings in Security Vulnerability Scans

    Posted Sun December 05, 2021 08:43 PM
    We have installed Defender Agent and deployed Prisma Cloud in a couple of clusters with CP4data and there are a lot of records that suggest it might be vulnerabilities in several packages. Is anyone aware of this or has walked through this concern ? Is there any chance of probe which are legitimate or false positives ? Thanks !

    Detail:
    Registry: image-registry.openshift-image-registry.svc:5000
    Repository: cloudpak4data/dv-engine
    Tag: v1.5.0.0-234

    ------------------------------
    Tomas Carlos Otaño
    ------------------------------

    #CloudPakforDataGroup


  • 2.  RE: Repository: cloudpak4data/dv-engine |Findings in Security Vulnerability Scans

    Posted Wed December 08, 2021 09:10 AM

    Hi Tomas,

    Remediation of CVEs is part of an ongoing effort in DV 1.7.x (CP4D 4.0.x). The same is not available for DV 1.5 that you have asked about, and nor are updates for DV 1.5 being provided. All customers still using DV versions prior to DV 1.7.x/CP4D 4.0.x are urged to upgrade to DV on CP4D 4.0.x to benefit from the remediation effort and fixes.

    With regard to your question, whether they are legitimate or false positives, there is a significant change between DV 1.5 and 1.7 that makes comparison of any list of CVEs difficult. So it is hard to say unless referring to a specific CVE, whether it was analyzed as legitimate or false positive, or if there is a fix already delivered in DV 1.7.x.

    Hope this answers your question.



    ------------------------------
    Shantanu Mundkur
    ------------------------------