Container hardening is the process of fixing the vulnerabilities.
CIS has published a list of container vulnerabilities which should be addressed to complete the hardening process.
Q1. Are there separate sets of tools
- That only point out the vulnerabilities - ... and then the tools that "fix" the vulnerabilities to complete the hardening process?Q2. Dockerbench and Twistlock (now named Prisma Cloud) are popular tools for container vulnerabilities scanning.
- Do these tools just point out the vulnerabilities or do they also help in fixing the vulnerabilities as well?Q3. If Dockerbench and Prisma Cloud only point out the vulnerabilities, then are there any other tools available which will help in "fixing" the vulnerabilities?