Scan Engine V2

The Scan Engine is a module that you can run in the command-line shell or in your Continuous Integration / Continuous Deployment (CI/CD) pipeline. This module scans container images for security risks and vulnerabilities and assesses the image compliance with the organization's security policy defined in CloudGuard.

The Scan Engine exists in two versions. This section describes working with version 2.0.0.

To see the Scan Engine version enabled on your CloudGuard account:

  1. Navigate to Settings > Configuration > Workloads.

  2. On the Image Assurance heading, see Scan Engine Version. Version 2.0.0 and higher means that your account has V2 support.

Requirements

CloudGuard Account

You need a CloudGuard account to use Scan Engine version 2.0.0. If you do not have one, go to the CloudGuard portal to create an account.

Connectivity

The Scan Engine must have connectivity to the *.dome9.com domain to properly communicate with the CloudGuard portal.

Instead of the domain address, you can use the region-specific URLs from the table below. Add these endpoints to the allowlist.

Region

Region Code

 Address

United States (US)

US

https://api.dome9.com

Europe (EU)

EU1

https://api.eu1.dome9.com

Singapore (SG)

AP1

https://api.ap1.dome9.com

Australia (AU)

AP2

https://api.ap2.dome9.com

India (IN)

AP3

https://api.ap3.dome9.com

Canada (CA)

CA

https://api.ca.dome9.com

Workflow

  1. Configure an Image Assurance policy for CI/CD pipeline:

    1. Create a ShiftLeftClosed The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed. environment. See Create a ShiftLeft Environment and Service Account.

    2. Create a new CloudGuard service account or use the credentials of an existing one.

    3. Download and install the Scan Engine. See Download the Scan Engine.

    4. Create an Image Assurance policy. See Create an Image Assurance Policy.

  2. Run the Scan Engine. See Running the Scan Engine.

  3. View the assessment results in the CloudGuard portal or on the CLI terminal. See Viewing Scan Results.