Vulnerability scanning, storing, and viewing for your supply chain

This topic describes the vulnerability scanning features you can use with Tanzu Application Platform (commonly known as TAP).

This feature set allows an application operator to introduce source code and image vulnerability scanning, storing, and viewing to their Tanzu Application Platform supply chain. It also allows for the creation of scan-time rules that prevent critical vulnerabilities from flowing to the supply chain unresolved.

Features

Features include:

  • Scan source code repositories and images for known common vulnerabilities and exposures (CVEs) before deploying to a cluster.
  • Identify CVEs by scanning continuously on each new code commit or each new image built.
  • Analyze scan results against user-defined policies by using Open Policy Agent. Create a scan policy to prevent vulnerable components from going into production.
  • Produce vulnerability scan results and post them to the SCST - Store where they can be queried.
  • Query the store for such use cases as:
    • What images and packages are affected by a specific vulnerability?
    • What source code repositories are affected by a specific vulnerability?
    • What packages and vulnerabilities does a particular image have?
  • Visualize your supply chain and its packages and vulnerabilities.
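As an added example of the scan-time policy mentioned in the list above (not taken from this page), here is a ScanPolicy that blocks Critical and High findings unless a CVE has been explicitly accepted. The apiVersion, kind, `regoFile` field and the `input.bom` document shape are assumed from the TAP scanning component and should be checked against the installed version; the accepted CVE is a placeholder.

```yaml
apiVersion: scanning.apps.tanzu.vmware.com/v1beta1   # assumed API group/version
kind: ScanPolicy
metadata:
  name: block-critical-high
spec:
  regoFile: |
    package main

    # Severities that must not reach the cluster unresolved.
    notAllowedSeverities := ["Critical", "High"]

    # CVEs accepted after review. Placeholder value; replace with real IDs
    # and record the justification and expiry alongside the policy.
    ignoreCves := ["CVE-0000-00000"]

    inList(array, elem) {
      array[_] == elem
    }

    # A finding is safe if it was explicitly accepted ...
    isSafe(vuln) {
      inList(ignoreCves, vuln.id)
    }

    # ... or if none of its ratings carry a blocked severity.
    isSafe(vuln) {
      not hasBlockedSeverity(vuln)
    }

    hasBlockedSeverity(vuln) {
      inList(notAllowedSeverities, vuln.ratings.rating[_].severity)
    }

    # Each unsafe finding produces one deny message; any deny fails the scan.
    # Assumed input shape: a CycloneDX-style BOM under input.bom.
    deny[msg] {
      comp := input.bom.components.component[_]
      vuln := comp.vulnerabilities.vulnerability[_]
      not isSafe(vuln)
      msg := sprintf("%s: %s (%s)", [comp.name, vuln.id, vuln.ratings.rating[_].severity])
    }
```

Reference the policy by name from the source or image scan template so the scan fails, and the supply chain stops, whenever `deny` is non-empty.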
