Vulnerability insights and management¶
Nais provides a set of tools and services to help you secure your software supply chain and manage vulnerabilities in your workloads:
-
Attestation (nais/docker-build-push)
GitHub action that helps to secure a supply chain for software artifacts.
-
Tools to manage vulnerabilities in your workloads.
Getting started with vulnerability insights¶
The setup of vulnerability insights for an workload is straightforward and only requires you to add the nais/docker-build-push action to your GitHub workflow. Once added, the action will automatically generate a signed attestation, including a SBOM (Software Bill of Materials) for your container image and its dependencies. This is bundled as an attestation and pushed to your container registry along with your image and plays a key role in providing proof that the software supply chain follows secure processes.
Acknowledge vulnerabilities¶
Nais continuously monitors deployed container images in the cluster. When a new image is detected, Nais automatically uploads its SBOM to Dependency-track for vulnerability analysis.
The results of the Dependency-track analysis, including vulnerability insights, can then be viewed in the Nais Console. The Nais Console provides a platform for viewing and managing vulnerabilities at the team level.