Security scanning
Before Collibra composes an Edge installation package, XRay scans are performed on all images consumed by Edge to identify and mitigate vulnerabilities. Contrast scanning is performed post-installation for runtime vulnerability detection. This strategy ensures that Edge remains secure.
You can also run your own security scans. We recommend that you run the following command in order to remove old containers and images from an Edge host before running your own scans:
sudo /usr/local/bin/k3s crictl rmi --prune
This prune command is a native Docker command that cleans up unused Docker objects such as images, containers, volumes and networks. Running it avoids false-positive vulnerability findings in your scans, because Kubernetes, which is responsible for garbage collection of old Edge images and containers, is not guaranteed to have cleaned up those files before the scan runs.
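To see which findings in a scan report come from leftover images rather than running ones, the following added example (not Collibra's code) compares the image list with the container list and splits findings accordingly. It assumes JSON shaped like the output of `crictl images -o json` and `crictl ps -a -o json`; the field names, the `registry.example` image names and the finding IDs are constructed for illustration.

```python
import json

# Constructed sample data. Field names are an assumption modelled on
# `crictl images -o json` and `crictl ps -a -o json`; verify against your host.
IMAGES_JSON = """{"images": [
  {"id": "sha256:aaa111", "repoTags": ["registry.example/edge-app:2.0"]},
  {"id": "sha256:bbb222", "repoTags": ["registry.example/edge-app:1.9"]},
  {"id": "sha256:ccc333", "repoTags": [],
   "repoDigests": ["registry.example/edge-proxy@sha256:ccc333"]}
]}"""
CONTAINERS_JSON = """{"containers": [
  {"id": "c1", "imageRef": "sha256:aaa111",
   "image": {"image": "registry.example/edge-app:2.0"}},
  {"id": "c2", "imageRef": "registry.example/edge-proxy@sha256:ccc333",
   "image": {"image": "sha256:ccc333"}}
]}"""
# Constructed scanner findings (placeholder IDs, not real advisories).
FINDINGS = [
    {"id": "FINDING-A", "image": "registry.example/edge-app:1.9"},
    {"id": "FINDING-B", "image": "registry.example/edge-app:2.0"},
]


def image_names(image):
    """Every identifier a container might use to refer to this image."""
    names = {image["id"]}
    names.update(image.get("repoTags") or [])
    names.update(image.get("repoDigests") or [])
    return names


def split_by_use(images_json, containers_json):
    """Return (in_use, stale) image labels; stale means no container references it."""
    referenced = set()
    for c in json.loads(containers_json).get("containers", []):
        referenced.add(c.get("imageRef", ""))
        referenced.add((c.get("image") or {}).get("image", ""))
    referenced.discard("")
    in_use, stale = [], []
    for img in json.loads(images_json).get("images", []):
        label = (img.get("repoTags") or img.get("repoDigests") or [img["id"]])[0]
        (in_use if image_names(img) & referenced else stale).append(label)
    return in_use, stale


def triage(findings, stale):
    """Split findings into those on referenced images and those on stale images."""
    live = [f for f in findings if f["image"] not in stale]
    leftover = [f for f in findings if f["image"] in stale]
    return live, leftover
```

Findings that land in the second list are on images that no container uses, so they should disappear from a scan taken after the prune.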
What's next?
Pull images from the Collibra Edge docker registry with each new version to perform security scans and audits.