In addition to other vulnerabilities, Twistlock also scans for zero-day vulnerabilities.

1. Overview

Zero-day vulnerabilities are undisclosed holes in software packages that have not been publicly acknowledged or patched by the software provider. Twistlock has partnered with Exodus Intelligence, a security research firm that does original work on zero-days, to offer coverage for these types of vulnerabilities.

Zero-day vulnerabilities complement Twistlock’s comprehensive coverage for CVEs. Unlike zero-days, CVEs are publicly disclosed vulnerabilities that are reported by distributions, software vendors, and open source software projects.

2. Reviewing zero-day vulnerabilities

Twistlock reports zero-day vulnerabilities alongside CVE vulnerabilities.

You do not need to take any action to enable zero-day vulnerability scanning; it is enabled by default. Zero-day vulnerabilities are reported in the Twistlock Intelligence stream, which is updated as new zero-days are identified.

Procedure

  1. Open Console.

  2. Go to Monitor > Vulnerabilities > Images.

    The following screenshot shows a report for the morello/java-test:latest container image. The Twistlock scanner has uncovered a zero-day vulnerability in a Java package. Note that the vulnerability TYPE is marked as 0 Day.

    [Screenshot: zero-day vulnerability report]

  3. Click VIEW DETAILS to get the EIP (Exodus Intelligence Program) identifier for the zero-day and a link to the Exodus portal for more information.

    The Exodus portal provides the following details:

    • A short description.

    • Attack impacts.

    • List of affected software versions.

    • CVSS score.

You can optionally work with Exodus to purchase more detailed information about the threat.