Vulnerability Scanning

For security and peace of mind, software vulnerability scanning for registered model versions that meet the Verta Model Specification is built into the Verta web UI.

Performing scans and viewing results

On the Model Version Release page you can find the tool for scanning the model container for vulnerabilites

The Start Scanning button triggers an inspection of the image for known vulnerabilities in its packages, and the results are displayed in a sortable and downloadable table. Verta can be configured to use any image scanning software; this example uses Amazon ECR as indicated.

You can download a CSV of the identified vulnerabilities or open the detail view to get more information:

Custom Security Scanning Tools

If you would to integrate a custom security scanning vendor or internal process, a webhook is available. See the webhook section of our documentation for details.

Last updated