Standards Reference for Container Scanning

NIST SP 800-190: Application Container Security Guide

The image countermeasures are Section 4.1 of SP 800-190 (the matching risks are 3.1.1 to 3.1.5). Trivy covers them as follows:

Recommendation                          | Trivy Coverage
4.1.1 Image vulnerabilities             | CVE scanning of OS packages and application dependencies (trivy image)
4.1.2 Image configuration defects       | Dockerfile misconfiguration checks (trivy config, or trivy image --scanners misconfig)
4.1.3 Embedded malware                  | Not covered directly: Trivy is not a malware scanner. The SBOM inventory and CVE results surface unexpected or known-vulnerable packages, but a planted binary needs a dedicated malware scanner in the pipeline
4.1.4 Embedded cleartext secrets        | Secret scanner with regex and entropy detection across image layers and filesystems
4.1.5 Use of untrusted images           | Scanning of images pulled from registries before they are admitted; signature and provenance verification is outside Trivy's scope and is done with a signing tool such as cosign

CIS Docker Benchmark v1.6 Alignment

Section 4 of the benchmark covers container images and build files. Control 4.1 (create a non-root user for the container) is not the trusted-base control; that is 4.2.

CIS Control                                                           | Trivy Check
4.2 Ensure that containers use only trusted base images               | Vulnerability scan of the base image. This shows the base is patched, not that it is trusted: pin base images by digest and verify their signatures separately
4.3 Ensure that unnecessary packages are not installed                | SBOM generation (trivy image --format cyclonedx) lists the full package inventory for review
4.6 Ensure that HEALTHCHECK instructions have been added              | Dockerfile misconfiguration check
4.9 Ensure that COPY is used instead of ADD in Dockerfiles            | Dockerfile misconfiguration check
4.10 Ensure secrets are not stored in Dockerfiles                     | Secret scanning of the build context (trivy fs) and of image layers (trivy image). A secret copied in and deleted in a later layer is still present in the earlier layer, so scan the image, not only the Dockerfile
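The two mappings above only pay off if a scan can be turned into a per-control verdict. The Python below is added here as an example; it is not part of Trivy or of this reference. It reads a Trivy JSON report (the shape produced by trivy image --format json --scanners vuln,misconfig,secret) and groups failing findings under the NIST 4.1.x and CIS 4.x control numbers. The embedded report is constructed (its CVE identifiers are placeholders), the Dockerfile check IDs DS005 and DS026 are assumed to match the Trivy check catalog and must be verified against the installed version, and the control mapping itself is an assumption to adjust to your own policy.

```python
"""Group the findings of a Trivy JSON report under NIST SP 800-190 / CIS Docker
Benchmark control numbers. Added example, not part of Trivy."""
import json
from collections import defaultdict

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Control mapping (an assumption to adapt to local policy). The Dockerfile
# check IDs are assumed to match the Trivy catalog: verify against your version.
VULN_CONTROLS = ("NIST 4.1.1",)              # image vulnerabilities
SECRET_CONTROLS = ("NIST 4.1.4", "CIS 4.10")  # embedded cleartext secrets
MISCONFIG_DEFAULT = ("NIST 4.1.2",)           # any other image configuration defect
MISCONFIG_MAP = {
    "DS005": ("NIST 4.1.2", "CIS 4.9"),       # ADD used instead of COPY
    "DS026": ("NIST 4.1.2", "CIS 4.6"),       # no HEALTHCHECK instruction
}


def findings_by_control(report_json, min_severity="HIGH"):
    """Return {control: [finding, ...]} for every control with a failing finding.
    The severity floor applies to CVEs only: a leaked secret or a failed
    Dockerfile check is a control failure whatever severity Trivy assigns."""
    report = json.loads(report_json)
    floor = SEVERITY_RANK[min_severity]
    out = defaultdict(list)
    for result in report.get("Results", []):
        target = result.get("Target", "?")
        # Trivy emits null, not [], for absent lists, hence "or []".
        for v in result.get("Vulnerabilities") or []:
            if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) < floor:
                continue
            fix = v.get("FixedVersion") or "no fix"
            line = (f"{target}: {v['PkgName']} {v['InstalledVersion']} "
                    f"{v['VulnerabilityID']} ({v['Severity']}, fix: {fix})")
            for control in VULN_CONTROLS:
                out[control].append(line)
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") != "FAIL":  # PASS rows appear with --include-non-failures
                continue
            line = f"{target}: {m['ID']} {m['Title']}"
            for control in MISCONFIG_MAP.get(m["ID"], MISCONFIG_DEFAULT):
                out[control].append(line)
        for s in result.get("Secrets") or []:
            line = f"{target}:{s.get('StartLine', '?')} {s['RuleID']} ({s['Severity']})"
            for control in SECRET_CONTROLS:
                out[control].append(line)
    return dict(out)


def failing_controls(report_json, min_severity="HIGH"):
    """Sorted list of control numbers that have at least one failing finding."""
    return sorted(findings_by_control(report_json, min_severity))


# Constructed sample report in the shape of `trivy image --format json`.
# CVE IDs are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.0",
    "Results": [
        {"Target": "registry.example/app:1.0 (alpine 3.18.0)", "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0.0-r0", "FixedVersion": "1.0.1-r0", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
              "InstalledVersion": "2.3.0-r1", "FixedVersion": "", "Severity": "LOW"},
         ]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "DS026", "Title": "No HEALTHCHECK defined", "Severity": "LOW", "Status": "FAIL"},
             {"ID": "DS005", "Title": "ADD instead of COPY", "Severity": "LOW", "Status": "FAIL"},
             {"ID": "DS002", "Title": "Image user should not be 'root'", "Severity": "HIGH", "Status": "PASS"},
         ]},
        {"Target": "app/config.env", "Class": "secret",
         "Secrets": [
             {"RuleID": "aws-access-key-id", "Category": "AWS", "Severity": "CRITICAL",
              "Title": "AWS Access Key ID", "StartLine": 3},
         ]},
    ],
})

if __name__ == "__main__":
    for control, lines in sorted(findings_by_control(SAMPLE_REPORT).items()):
        print(control)
        for line in lines:
            print("  " + line)
```

Run it against a real report with: trivy image --format json --scanners vuln,misconfig,secret IMAGE > report.json, then pass the file contents to findings_by_control. A control that never appears in the output is not necessarily satisfied: 4.1.3 and 4.1.5 have no Trivy finding type behind them, so absence there means "not assessed", not "pass".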

Vulnerability Database Sources

Source                      | Coverage                   | Upstream update frequency
NVD (NIST)                  | All CVEs                   | Continuous
Alpine SecDB                | Alpine Linux packages      | Daily
Debian Security Tracker     | Debian packages            | Daily
Ubuntu CVE Tracker          | Ubuntu packages            | Daily
Red Hat OVAL                | RHEL/CentOS packages       | Daily
GitHub Advisory Database    | Language packages          | Continuous
Go Vulnerability Database   | Go modules                 | Continuous
RustSec Advisory Database   | Rust crates                | Continuous

Trivy does not query these sources at scan time. They are aggregated into the trivy-db bundle that the scanner downloads, so the upstream cadence is an upper bound on freshness: a host with a stale local database sees none of the newer advisories until the database is refreshed (trivy image --download-db-only, or the automatic update on the next scan). For OS packages Trivy relies on the distribution's own tracker rather than NVD because distributions backport fixes without bumping the upstream version, and matching on NVD version ranges alone would flag patched packages as vulnerable.