Automated Runtime Scanner

Overview

Sysdig provides vulnerability scanning features across the whole SDLC, from local to CI, from CD to runtime. In this chapter we are going to have a look at the runtime scanner.

Manage runtime vulnerabilities

A good starting point is the Vulnerability Management Overview Dashboard, which you reach in the UI through the Vulnerabilities menu item. This view is extremely useful for understanding at a glance what is going on with our vulnerabilities.

Let’s focus on runtime vulnerabilities by browsing to Vulnerabilities > Runtime. A list of images from running containers is shown.

Choose one of the images to see the detailed view, Fixable Packages by Severity, sorted by In Use.

Now click the Vulnerabilities tab to get a full list of findings. An alternative way to prioritize what needs to be fixed first is to combine the flags “Has Exploit” and “In Use”. This reduces hundreds of results (noise) to just 3 that are especially relevant given the context. (Please note that this is just a way to prioritize; it does not mean that the rest of the vulnerabilities should be ignored.)
