When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?
When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?
A policy set under Defend > Vulnerability > Images > Deployed would apply when a Container is started from an Image. This is because such policies are intended to manage vulnerabilities in images that are already deployed; hence the policy is triggered when these images are used to start containers.
B is correct. image build is scanned by CI policy https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-admin/vulnerability_management/vuln_management_rules
Should be B --> Vulnerability rules let you raise alerts or block deployments when deployed images have vulnerabilities.