The GitHub Security Advisory is now used as the CVE source for Java and NPM vulnerabilities - See supported language libraries and package managers for containers and hosts for a full list of the CVE sources used.
Red Hat Universal Base Image (UBI) 9 and Minimal Images are now supported for container vulnerability scanning - See Container Image Support for a list of supported container image operating systems.
Google Cloud service account validation changes - lacework-global-235 checks for Google Cloud service accounts that have excess permissions. Previously, the policy incorrectly considered only service accounts where the name contained iam.gserviceaccount.com. That condition has been removed, meaning that all service accounts are now subject to the permissions check.
Now any service account with the following IAM policy associations will violate this policy:
- Any role containing the word
If you have GCP Compliance assessments in place, this change may result in a significant increase in alert volume for this policy.
Agentless Workload Scanning documentation: content structure changes and IAM permission details added for deployment and operation - The documentation workflow has been improved. It now includes details on the IAM permissions and roles that Agentless Workload Scanning requires for deployment and those it uses during operation.
See Agentless Workload Scanning to view the new updates.
The Host Vulnerability FAQs for package status can now be found in Active Package Detection.