A technical team is scanning ephemeral workloads for known flaws within a new pipeline. Which method yields broad coverage when discovering vulnerabilities in container-based solutions?
Evaluate logs from prior runs to detect repeated errors
Examine environment variables or secrets while skipping operating system packages
Focus scanning on ephemeral changes introduced by new code
Review the underlying build and appended elements for packages or configurations that might pose a risk
Trivy can examine deeper layers of a container environment by including underlying build elements and appended components. This approach exposes hidden flaws in operating system (OS) packages, libraries, or added files. Restricting scans to ephemeral changes, environment variables, or error logs can miss other vulnerabilities. A comprehensive method helps reveal potential issues across the entire workload.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Trivy, and how does it work in vulnerability scanning?
Open an interactive chat with Bash
What are ephemeral workloads, and why is it important to scan beyond their changes?
Open an interactive chat with Bash
Why should operating system packages be included in container scans?