Security scanning
Before Collibra composes an Edge installation package, Snyk scans all images consumed by Edge for each planned weekly release to identify and mitigate vulnerabilities. Daily scans of the repositories and a quarterly third-party penetration test are also performed to ensure that Edge remains secure.
You can also run your own security scans. For Edge sites installed on k3s, we recommend that you run the following command to remove old containers and images from the Edge host before running your own scans:
sudo /usr/local/bin/k3s crictl rmi --prune
This prune command is a native docker command that cleans up unused docker objects such as images, containers, volumes and networks. Running it avoids false-positive vulnerabilities in your scans: Kubernetes is responsible for garbage collection of old Edge images and containers, but it is not guaranteed to have removed them before your scan runs, so a scanner could otherwise report findings in images that are no longer in use.
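To see which images a scanner would pick up that no container on the host actually runs (the ones the prune removes), the following added example, which is not part of the Collibra documentation or of Edge itself, compares the image list against the running and stopped containers. It works on constructed sample output shaped like `crictl images` and `crictl ps -a`; the registry host, image names and IDs are made up for the illustration.

```shell
#!/bin/sh
# Constructed sample of `crictl images` output (hypothetical registry and image names, not a real host).
SAMPLE_IMAGES='IMAGE TAG IMAGE ID SIZE
registry.example/edge/capability 2024.05 a0a0a0a0a0a0a 100MB
registry.example/edge/capability 2024.04 b0b0b0b0b0b0b 99MB
registry.example/edge/collector 2024.05 c0c0c0c0c0c0c 50MB'

# Constructed sample of `crictl ps -a` output. One container references its image by name:tag,
# the other by image ID, which crictl does when the image was pulled by digest.
SAMPLE_PS='CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
1a2b3c4d5e6f7 registry.example/edge/capability:2024.05 2 hours ago Running capability 0 9f8e7d6c5b4a3 capability-pod
2b3c4d5e6f7a8 c0c0c0c0c0c0c 2 hours ago Running collector 0 8e7d6c5b4a392 collector-pod'

# unused_images IMAGES_OUTPUT PS_OUTPUT
# Prints one name:tag per image that no container (running or exited) references.
# These are the images `crictl rmi --prune` removes and the ones that would show up
# as stale findings in a scan run before garbage collection has happened.
unused_images() {
    images="$1"
    containers="$2"
    {
        printf '%s\n' "$containers"
        echo '---'
        printf '%s\n' "$images"
    } | awk '
        /^---$/ { sec = 2; ln = 0; next }     # switch from the ps table to the images table
        { ln++ }
        ln == 1 { next }                      # skip each table header row
        sec != 2 { inuse[$2] = 1; next }      # IMAGE column of `crictl ps -a`
        {
            ref = $1 ":" $2                    # IMAGE and TAG columns of `crictl images`
            if (!(ref in inuse) && !($3 in inuse)) print ref   # $3 is the IMAGE ID column
        }'
}

# Report from the constructed sample; only the old capability image is unreferenced.
unused_images "$SAMPLE_IMAGES" "$SAMPLE_PS"

# On a real k3s host (requires root) the same check runs on live output:
# unused_images "$(sudo /usr/local/bin/k3s crictl images)" "$(sudo /usr/local/bin/k3s crictl ps -a)"
```

If the report is empty after the prune, every image left on the host backs a container and scan findings can be attributed to the running Edge version.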
For more information about security scanning, go to Collibra's vulnerability and scanning policy.
What's next?
Pull images from the Collibra Edge docker registry with each new version to perform security scans and audits.