Code Zip Scans

Cisco Panoptica can scan code zip files (instead of image files) for vulnerabilities. The scan can be run as a step in your build pipeline. Results are shown in the CODE ZIP tab on the CI/CD page, which lists the code files scanned by Panoptica.

You can use the results of code zip scans in Policies, to condition deployment or connections on the severity of the vulnerabilities found.


Scan code files

To scan code files from the CLI, use this command:

./bin/securecn_deployment_cli run-code-vulnerability-scan --access-key e2088a26-dbd4-4722-bd69-bbd998319072 --secret-key xxxxxxx --url <panoptica URL> --code-identifier <identifier> --zip-path-to-scan ./test.zip -v

Where -

  • access-key and secret-key are the credentials the CLI uses for the scan (the secret key is masked in the example above; in a pipeline, supply it from a stored secret rather than writing it into the command)
  • url is the URL of your Panoptica instance
  • code-identifier is
  • zip-path-to-scan is the full pathname of the zip file to be scanned

To rescan a zip file, run the same command again from the CLI.
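The following pipeline helper is an added example and is not part of Panoptica or of this page. It shows one way to wire the command above into a build step: build the zip from the checked-out source while leaving out directories that should not be scanned, read the credentials and URL from environment variables (the names PANOPTICA_ACCESS_KEY, PANOPTICA_SECRET_KEY and PANOPTICA_URL, the exclusion list and the sample repository layout are all assumptions of this example), refuse to run if a credential is missing, and log the command with the secret key masked.

```python
"""Pipeline helper around the Panoptica code zip scan (added example, not Panoptica's own code).

Assumptions not taken from the page: credentials and instance URL arrive in the
environment variables PANOPTICA_ACCESS_KEY, PANOPTICA_SECRET_KEY and PANOPTICA_URL,
the CLI sits at ./bin/securecn_deployment_cli, and the exclusion list below is ours.
"""
import os
import subprocess
import tempfile
import zipfile
from pathlib import Path

# Directories that should not be shipped to the scanner (assumed, adjust per project).
DEFAULT_EXCLUDES = frozenset({".git", "node_modules", "__pycache__", ".venv"})
DEFAULT_CLI = "./bin/securecn_deployment_cli"


def build_code_zip(src_dir, zip_path, excludes=DEFAULT_EXCLUDES):
    """Zip src_dir into zip_path, skipping excluded directories and the zip itself.

    Returns the sorted list of archive member names so callers can check what was sent.
    """
    src, out = Path(src_dir), Path(zip_path)
    names = []
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(src.rglob("*")):
            rel = path.relative_to(src)
            if path.is_dir() or path.resolve() == out.resolve():
                continue
            if any(part in excludes for part in rel.parts):
                continue
            zf.write(path, rel.as_posix())
            names.append(rel.as_posix())
    return sorted(names)


def scan_argv(code_identifier, zip_path, env=None, cli=DEFAULT_CLI):
    """Build argv for run-code-vulnerability-scan; fail early on missing secrets or file."""
    env = os.environ if env is None else env
    required = ("PANOPTICA_ACCESS_KEY", "PANOPTICA_SECRET_KEY", "PANOPTICA_URL")
    missing = [k for k in required if not env.get(k)]
    if missing:
        raise RuntimeError("missing pipeline secrets: " + ", ".join(missing))
    if not Path(zip_path).is_file():
        raise FileNotFoundError(str(zip_path))
    return [
        cli, "run-code-vulnerability-scan",
        "--access-key", env["PANOPTICA_ACCESS_KEY"],
        "--secret-key", env["PANOPTICA_SECRET_KEY"],
        "--url", env["PANOPTICA_URL"],
        "--code-identifier", code_identifier,
        "--zip-path-to-scan", str(zip_path),
        "-v",
    ]


def redacted(argv):
    """Copy of argv that is safe to write to the build log: the secret key is masked."""
    out = list(argv)
    for i in range(len(out) - 1):
        if out[i] == "--secret-key":
            out[i + 1] = "***"
    return out


def run_scan(code_identifier, zip_path, env=None, cli=DEFAULT_CLI):
    """Run the scan and return the CLI exit code (the pipeline decides what to do with it)."""
    argv = scan_argv(code_identifier, zip_path, env=env, cli=cli)
    print("running:", " ".join(redacted(argv)))  # never log the real secret
    return subprocess.run(argv, check=False).returncode


def demo():
    """Constructed sample repository (not real project data) run through the helpers."""
    root = Path(tempfile.mkdtemp())
    repo = root / "repo"
    (repo / "app").mkdir(parents=True)
    (repo / "app" / "main.py").write_text("print('hello')\n")
    (repo / "requirements.txt").write_text("requests==2.31.0\n")
    (repo / "node_modules" / "left-pad").mkdir(parents=True)
    (repo / "node_modules" / "left-pad" / "index.js").write_text("module.exports = 1;\n")
    (repo / ".git").mkdir()
    (repo / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    zip_path = root / "code.zip"
    names = build_code_zip(repo, zip_path)
    fake_env = {"PANOPTICA_ACCESS_KEY": "ak", "PANOPTICA_SECRET_KEY": "sk",
                "PANOPTICA_URL": "https://panoptica.example.invalid"}
    argv = scan_argv("build-42", zip_path, env=fake_env)
    return names, argv, redacted(argv)


if __name__ == "__main__":
    members, argv, safe = demo()
    print("archived:", members)
    print("would run:", " ".join(safe))
```

In a real pipeline, call run_scan with the identifier your pipeline already uses for the build (for example a commit hash) so the CODE ZIP tab entry can be traced back to the commit, and treat a non-zero exit code as a failed step.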

View scan details

Click on a file in the list to show more details about findings discovered by the scan.
The VULNERABILITIES tab shows the vulnerabilities found in the code files (presented in the same way as vulnerabilities in image files).
The PACKAGE LICENCES tab lists the packages included in the file, their version numbers, and their licenses (where applicable).


Click on a vulnerability to show more detail.


Use scan results in Policy rules

You can condition CI/CD and Serverless Policy rules on the results of code zip file scans, to prevent deployment of code with vulnerabilities.