CrowdStrike CCCS-203b Exam - Topic 4 Question 13 Discussion
Your organization is deploying containerized applications in a cloud environment. You must ensure that container images are free of vulnerabilities before being deployed into production. The solution must integrate seamlessly with your CI/CD pipeline to automate image scanning during the build process. Which image assessment method is in accordance with CrowdStrike best practices?
B) Integrate pushing images for assessment into your CI/CD pipeline to detect vulnerabilities during the build process
A) Wait until the images are running in production and rely on host-based security tools to monitor threats
C) Perform runtime analysis of the containers after they are deployed into production
D) Manually inspect each container image in the repository for vulnerabilities before deployment
CrowdStrike Falcon Cloud Security strongly recommends shifting security left in the development lifecycle by integrating image assessment directly into the CI/CD pipeline. This approach ensures vulnerabilities are detected during the build process, before images are deployed into production environments.
When container images are pushed to Falcon for assessment as part of CI/CD workflows, Falcon expands image layers, inventories binaries and OS packages, and evaluates vulnerabilities early. This enables development and security teams to remediate issues before deployment, reducing risk exposure and preventing vulnerable images from ever reaching runtime.
Runtime-only analysis and host-based tools are insufficient for proactive security, as they detect issues after exposure has already occurred. Manual inspection does not scale and introduces human error, making it unsuitable for modern DevOps pipelines.
Therefore, integrating automated image assessment into CI/CD pipelines is the CrowdStrike best practice for secure container deployments.