catalog-scans.md

---
copyright:
  years: 2021
lastupdated: "2021-11-03"
keywords: vulnerabilities, scanning, scans, images, software, catalog
subcollection: account
---

{{site.data.keyword.attribute-definition-list}}

Scanning software for vulnerabilities

{: #scans}

Before you install instances of software from the {{site.data.keyword.cloud}} catalog, you might want to complete a vulnerability assessment on the contents of the software and its associated images. By doing so, you can reduce the probability of security threats and unauthorized access to systems.
{: shortdesc}

  1. Select the software from the catalog in the {{site.data.keyword.cloud_notm}} console.

  2. Copy the URL that's displayed in the Source URL section on the Create tab.

  3. Generate an IAM access token. If you're working with OVA images, you can skip this step.

    To generate an access token by using the {{site.data.keyword.cloud_notm}} CLI, complete the following steps:

    1. Log in to the CLI:
    ibmcloud login

    {: pre}

    If you're logging in with a federated ID, run the ibmcloud login --sso command. For more information, see Logging in with a federated ID. {: note}

    1. Specify the region and resource group in which to create an instance of the software:
    ibmcloud target -r <region_name> -g <resource_group_name>

    {: pre}

    1. Retrieve your access token:
    ibmcloud iam oauth-tokens

    {: pre}

    The following truncated example shows a retrieved token.

    IAM token:  Bearer eyJraWQiOiIyM...

    {: screen}

    To generate an access token by using an API, complete the following steps:

    1. Log in to the {{site.data.keyword.cloud_notm}} CLI:
    ibmcloud login

    {: pre}

    If you're logging in with a federated ID, run the ibmcloud login --sso command. For more information, see Logging in with a federated ID. {: note}

    1. Specify the region and resource group in which to create an instance of the software:
    ibmcloud target -r <region_name> -g <resource_group_name>

    {: pre}

    1. Create an API key:
    ibmcloud iam api-key-create <API_key_name>
        [-d, --description <description>]
        [--file <API_key_file_name>]

    {: pre}

    1. Retrieve your access token:
    curl --location --request GET '<source URL>' \
    --header 'Authorization: bearer <token>' -o <filename>

    {: pre}

  4. Enter the source URL that you copied in the previous step in the GET request. If you're working with OVA images, you can skip this step.

  5. Press Enter to download the source package.

  6. Use a vulnerability scanning tool of your choice to review the contents of the software and associated images for any issues.

After you run the scan and address any reported issues, you can return to the console and install the software.
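
The following script is an added example, not part of the original page or of IBM's tooling. It combines steps 3 to 5: it parses the `ibmcloud iam oauth-tokens` output shown above, passes the token to curl through a config on stdin rather than on the command line, and refuses non-HTTPS source URLs. The function names and the script name `fetch-source.sh` are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are hypothetical.
set -eu

# Extract the bare token from `ibmcloud iam oauth-tokens` output,
# which has the form "IAM token:  Bearer eyJraWQi...".
extract_bearer() {
  sed -n 's/^IAM token:[[:space:]]*[Bb]earer[[:space:]]\{1,\}\([A-Za-z0-9._-]\{1,\}\)[[:space:]]*$/\1/p' |
    head -n 1
}

# Accept only https:// source URLs so the token never travels in clear text.
is_https_url() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build a curl config line that carries the Authorization header.
curl_auth_config() {
  printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# Download the source package. The token reaches curl through a config on
# stdin, so it does not appear in the process list or in shell history.
# Arguments: <source URL> <filename> <token>
download_source() {
  is_https_url "$1" || { echo "refusing non-HTTPS source URL" >&2; return 2; }
  case "$3" in
    ''|*[!A-Za-z0-9._-]*) echo "token is empty or malformed" >&2; return 3 ;;
  esac
  curl_auth_config "$3" |
    curl --config - --fail --silent --show-error --location \
      --proto '=https' --proto-redir '=https' --output "$2" "$1"
}

# Run as: sh fetch-source.sh '<source URL>' <filename>
if [ "$#" -eq 2 ]; then
  token="$(ibmcloud iam oauth-tokens | extract_bearer)"
  download_source "$1" "$2" "$token"
  sha256sum "$2"   # GNU coreutils; records the digest of the file you scan
fi
```

Recording the digest before scanning lets you confirm later that the package you install is the one you assessed.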