PCCSE · Question #241
Which resources can be added in scope while creating a vulnerability policy for continuous integration?
The correct answer is B. Images and labels. When creating a vulnerability policy for continuous integration (CI) in Prisma Cloud, the scope can be defined using images and labels.
Question
Which resources can be added in scope while creating a vulnerability policy for continuous integration?
Options
- AImages and cluster
- BImages and labels
- CImages and containers
- DLabels and AccountID
How the community answered
(38 responses)- A3% (1)
- B95% (36)
- C3% (1)
Why each option
When creating a vulnerability policy for continuous integration (CI) in Prisma Cloud, the scope can be defined using images and labels.
Clusters are a runtime compute resource and are not a valid scope dimension for CI-focused vulnerability policies, which target build-time artifacts.
CI vulnerability policies in Prisma Cloud are scoped to container images, and labels are used as metadata selectors to refine which images fall within the policy's scope. Images are the primary artifact scanned during CI pipelines, and labels allow teams to target specific image groups - such as by environment, team, or application - without enumerating individual image names. This combination provides both the resource type and the filtering mechanism needed for precise CI policy scoping.
Containers are running instances and are scoped in runtime policies, not in CI vulnerability policies that target images before deployment.
AccountID is used for scoping cloud account-level policies, not for CI vulnerability policies, which operate at the image and label level.
Concept tested: Prisma Cloud CI vulnerability policy scope configuration
Source: https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vulnerability-policies
Topics
Community Discussion
No community discussion yet for this question.