WEBVTT

00:19.360 --> 00:21.527
Here we have a container scan of a web

00:21.530 --> 00:23.780
server running on Python by using the

00:23.790 --> 00:25.750
latest version of the base image.

00:25.760 --> 00:27.670
There is just one category one

00:27.680 --> 00:29.780
vulnerability which will be resolved

00:29.790 --> 00:31.700
soon in the upstream container.

00:31.709 --> 00:34.490
However, there are still 55 category

00:34.500 --> 00:36.919
three findings which result in a total

00:36.930 --> 00:39.520
of 56 POA&M entries for a single

00:39.529 --> 00:41.696
container. Some of these packages are

00:41.696 --> 00:44.000
unnecessary for the operation of a web

00:44.009 --> 00:46.380
server such as BlueZ which is used for

00:46.389 --> 00:48.720
Bluetooth. Here are the different

00:48.729 --> 00:51.979
containers for Python 3.9. Prisma Cloud

00:51.990 --> 00:53.919
Compute can be used to analyze

00:53.930 --> 00:55.930
different versions of the same open

00:55.930 --> 00:58.389
source product to decide which one has

00:58.400 --> 01:00.830
the fewest vulnerabilities and thus the

01:00.840 --> 01:03.759
fewest POA&Ms to manage. It can perform

01:03.770 --> 01:05.937
this scan without the need to download

01:05.937 --> 01:06.937
the images.

01:37.220 --> 01:40.040
Prisma Cloud Compute also shows the

01:40.050 --> 01:42.459
installed packages which can be used to

01:42.470 --> 01:44.370
easily cross-reference security

01:44.379 --> 01:46.910
advisory information with the installed

01:46.919 --> 01:50.610
versions. In addition to vulnerability

01:50.620 --> 01:53.230
scanning, Prisma Cloud Compute can also

01:53.239 --> 01:55.750
be used to track container compliance.

01:55.919 --> 01:58.180
Here is a high finding resulting from

01:58.190 --> 02:00.870
this image being created by root user.

02:02.029 --> 02:04.160
Prisma Cloud Compute has checks for

02:04.169 --> 02:06.370
several security standards built in.

02:06.379 --> 02:08.850
These checks include NIST Special

02:08.860 --> 02:12.369
Publication 800-190, CIS Kubernetes,

02:13.100 --> 02:16.589
and CIS Docker. Prisma Compute also

02:16.600 --> 02:19.259
supports custom compliance checks which

02:19.270 --> 02:21.259
can be used to check for STIG

02:21.270 --> 02:22.210
compliance.

02:42.369 --> 02:45.110
Prisma Cloud Compute also categorizes

02:45.119 --> 02:47.710
every container based on risk factors.

02:47.720 --> 02:49.899
The wheel at the top represents risk

02:49.910 --> 02:52.070
factors for the running container,

02:52.080 --> 02:54.389
whereas the bottom one represents the

02:54.399 --> 02:56.869
risk factors for the vulnerabilities on

02:56.880 --> 02:59.389
the container. These factors can help

02:59.399 --> 03:01.121
security personnel better make

03:01.121 --> 03:03.330
decisions on which applications should

03:03.339 --> 03:05.300
be allowed in their workloads.

03:09.240 --> 03:09.289
Yeah.