A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?
A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?
To automate vulnerability scanning for images deployed to Fargate, the customer should embed a Fargate Defender to automatically scan for vulnerabilities. This method ensures that security measures are integrated within the container environment, providing continuous monitoring and immediate feedback on the vulnerabilities as the images are deployed and run.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-06/prisma-cloud-compute-edition-admin/install/install_defender/install_app_embedded_defender_fargate
https://www.paloaltonetworks.com/blog/prisma-cloud/securing-aws-fargate-tasks/
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/defender_types
Actually both A and B seem to be correct, I vote for B, because it is more specific.
If you use services providing containers on demand, you can run containers, but the service abstracts away the underlying cluster, host, operating system, and software modules. Without access to those hooks, container Defenders can’t monitor and protect resources in those environments. Instead, embed an app-embedded Defender directly inside your workload running in the container to establish a point of control. You can manually embed the Defenders or use automated workflows to embed Defenders using Fargate or Dockerfile. Using Dockerfile, you deploy one app-embedded Defender per container. Using Fargate, you deploy one app-embedded Defender per task.
This is about vulnerabilities, not defend runtime. https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning
Should be B. App-Embedded Defenders for Fargate monitor and protect your Fargate tasks to ensure they execute as designed.
B: https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-06/prisma-cloud-compute-edition-admin/install/install_defender/install_app_embedded_defender_fargate