Security Scanning
Lens AppIQ scans images and containers as applications are deployed, performing static analysis for vulnerabilities at the code and container image levels.
Lens AppIQ's security capabilities are structured in the following manner:
- In regular intervals, Lens AppIQ ingests vulnerability metadata from a configured set of sources and stores it in its internal database.
- Containers are indexed by their images: Lens AppIQ creates a list of the features present in each image and stores it in the database.
- Lens AppIQ queries its database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
- When updates to vulnerability metadata occur, a notification is sent to alert systems that a change has occurred.
- At a pre-set interval, Lens AppIQ scrubs container images and indexes. Lens AppIQ can send out alerts, reports, or block deployments to Lens AppIQ environments if any vulnerabilities are matched to identified software packages in the images.
Lens AppIQ promotes security awareness and best practices across developer and operations teams by automatically detecting vulnerabilities and encouraging teams to patch and address them. When new vulnerabilities are announced, Lens AppIQ's built-in scanning (based on Clair) knows right away, without rescanning, which existing layers are vulnerable, and notifications are sent.
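The index-once, correlate-per-request model described above, sketched as an added example (not Lens AppIQ or Clair code). The `Scanner` class, image names, `EXAMPLE-` IDs and the dotted-numeric version comparison are all constructed assumptions.

```python
# Added example: a toy model of index-once, correlate-per-request scanning.
# All names and data are constructed; this is not Lens AppIQ or Clair code.

def parse_version(text):
    # Assumption: plain dotted-numeric versions. Real scanners use
    # distribution-specific comparison rules (dpkg, rpm, apk).
    return tuple(int(part) for part in text.split("."))

class Scanner:
    def __init__(self):
        self.features = {}  # image -> {package: version}, written once at index time
        self.vulns = []     # (vuln_id, package, first_fixed_version)

    def index_image(self, image, packages):
        """Record the image's features; the only step that reads the image."""
        self.features[image] = {p: parse_version(v) for p, v in packages.items()}

    def query(self, image):
        """Correlate stored features with current metadata on each request."""
        feats = self.features[image]
        return sorted(vid for vid, pkg, fixed in self.vulns
                      if pkg in feats and feats[pkg] < fixed)

    def ingest(self, entries):
        """Load new metadata; return the images it newly affects (who to notify)."""
        before = {img: set(self.query(img)) for img in self.features}
        self.vulns += [(vid, pkg, parse_version(fixed)) for vid, pkg, fixed in entries]
        return sorted(img for img in self.features
                      if set(self.query(img)) - before[img])

    def allow_deploy(self, image):
        """Block the deployment if any vulnerability matches an indexed package."""
        return not self.query(image)

def demo():
    s = Scanner()
    s.index_image("registry.example/shop:1.4", {"openssl": "1.1.1", "zlib": "1.2.13"})
    s.index_image("registry.example/blog:2.0", {"zlib": "1.2.13"})
    # Placeholder IDs, not real advisories.
    first = s.ingest([("EXAMPLE-0001", "zlib", "1.2.12")])     # both images already fixed
    second = s.ingest([("EXAMPLE-0002", "openssl", "1.1.2")])  # affects shop only
    return (first, second, s.query("registry.example/shop:1.4"),
            s.allow_deploy("registry.example/blog:2.0"))

if __name__ == "__main__":
    print(demo())
```

Note that `ingest` never touches an image: the notification list comes purely from the stored feature index, which is why a newly announced vulnerability can be matched to existing images immediately.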
Scanning Applications
To scan a specific application image for vulnerabilities, use the app security scan command.
lapps app security scan [-a/--app appname] [--config/-c configfile]
Flags:
Flag | Description |
---|---|
-a, --app | The name of the application |
-c, --config | Configuration file (not required) |
Listing Application Scans
To list all security scans for a specific application, use the app security list command.
lapps app security list [-a/--app appname]
Flags:
Flag | Description |
---|---|
-a, --app | The name of the application |
Application Security Report
To create a report of a security scan for a particular application, use the app security report command.
lapps app security report [-a/--app app-name]
Flags:
Flag | Description |
---|---|
-a, --app | The name of the application |
-i | Scan index |
Scanning Images
To scan a specific image for vulnerabilities, use the image security scan command.
lapps image security scan imagename [--config/-c configname]
Flags:
Flag | Description |
---|---|
-c, --config | Configuration file (not required) |
Listing Image Scans
To list all security scans for a specific image, use the image security list command.
lapps image security list imagename
Image Security Report
To create a security scan report, use the image security report command.
lapps image security report imagename -i scanIndex
Flag:
Flag | Description |
---|---|
-i | Scan index |