Sysdig Integration - Runtime Usage
We have implemented an integration for the Checkmarx One Container Security scanner with Sysdig Risk Spotlight. This integration identifies runtime usage of container packages. Once the integration is configured, the runtime usage data that was identified by Sysdig is shown as part of the Checkmarx Container Security scan results. This provides important insights for prioritizing remediation activities based on actual risk of exploitation.
Prerequisites
You need to have a Sysdig license and you need to obtain a Sysdig Risk Spotlight Token for your account (can be found in your Sysdig Account Settings).
Make sure that your Sysdig agents are configured to cover all images that you will be scanning in Checkmarx.
Limitations
Sysdig doesn't provide runtime data for base-images.
Setting up an Integration
Notice
It is possible to set up several separate Sysdig integrations in your account.
To set up a Sysdig integration:
Open the Integration page.
Click on the Sysdig tile under Runtime & Cloud, then click Start.
The Sysdig Integration wizard opens on the right side of the screen.
Name Your Account and optionally fill in the Description and Associate Tags fields, then click Next.
Under Sysdig Risk Spotlight Token, enter the Risk Spotlight Token for your Sysdig account.
Notice
This token can be found in the Account Settings of your Sysdig account.
In the Region field, select your Sysdig region.
In the Clusters field, select the clusters you would like to include in the integration.
Click Save.
You can check the status of the integration by opening the Inventory tab, selecting Runtime & Cloud and checking the Status column for your integration.
Viewing Runtime Data
Once the integration has been configured for your account, whenever you run a scan on an image that is covered by your Sysdig deployment, the Checkmarx scan results will be supplemented with the runtime data.
On the Container Scan Results screen, there is a Runtime column that indicates which packages are used at runtime.
Possible values for Runtime Usage are:
Used - Runtime usage of this package was identified.
Not Used - No runtime usage of this package was identified.
Not Eligible - Runtime analysis isn’t supported for this package (for example, base-images aren't scanned by Sysdig).
Not Found - We couldn’t identify runtime usage because this package isn’t covered by your runtime security integration. Try adjusting the configuration of your runtime security integration so that all relevant clusters are covered.
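The four Runtime Usage values above are what make risk-based prioritization possible: a vulnerable package that Sysdig observed in use is reachable in the running workload, while "Not Found" means a coverage gap in the integration rather than evidence of safety. The following is an added example (not Checkmarx or Sysdig code) that applies that reasoning to exported scan findings. It assumes findings are available as dicts with `package`, `severity` and `runtime` fields; those field names are an assumption for illustration, not the Checkmarx One result schema, and the sample findings are constructed.

```python
"""Rank container-scan findings by Sysdig runtime usage and severity.

Added example; field names and sample data are assumptions, not the
Checkmarx One API schema.
"""
from typing import Dict, List, Tuple

# Runtime Usage values as shown in the Runtime column of the scan results.
USED = "Used"
NOT_USED = "Not Used"
NOT_ELIGIBLE = "Not Eligible"
NOT_FOUND = "Not Found"

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

# Triage tier (policy choice, documented here):
#   2 - package observed in use at runtime: reachable, fix first
#   1 - no runtime evidence either way (not covered / not eligible): fall
#       back to severity alone, do not treat as safe
#   0 - covered by Sysdig and not observed in use: deprioritize
RUNTIME_TIER = {USED: 2, NOT_FOUND: 1, NOT_ELIGIBLE: 1, NOT_USED: 0}

# Constructed sample findings (package names and severities are made up).
SAMPLE_FINDINGS: List[Dict[str, str]] = [
    {"package": "libexample-a", "severity": "High", "runtime": NOT_USED},
    {"package": "libexample-b", "severity": "Medium", "runtime": USED},
    {"package": "libexample-c", "severity": "Critical", "runtime": NOT_FOUND},
    {"package": "libexample-d", "severity": "High", "runtime": NOT_ELIGIBLE},
    {"package": "libexample-e", "severity": "Low", "runtime": USED},
]


def priority_key(finding: Dict[str, str]) -> Tuple[int, int]:
    """Sort key: runtime tier first, then severity within the tier."""
    runtime = finding["runtime"]
    if runtime not in RUNTIME_TIER:
        # An unexpected value is a parsing problem, not a low-risk finding.
        raise ValueError(f"unknown Runtime Usage value: {runtime!r}")
    return (RUNTIME_TIER[runtime], SEVERITY_RANK.get(finding["severity"], 0))


def prioritize(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=priority_key, reverse=True)


def remediation_order(findings: List[Dict[str, str]]) -> List[str]:
    """Package names in the order remediation should be scheduled."""
    return [f["package"] for f in prioritize(findings)]


def coverage_gaps(findings: List[Dict[str, str]]) -> List[str]:
    """Packages reported as Not Found.

    These were not covered by the runtime integration, so the right
    action is to check the cluster selection in the Sysdig integration
    rather than to assume the package is unused.
    """
    return [f["package"] for f in findings if f["runtime"] == NOT_FOUND]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{f['package']:14} {f['severity']:9} {f['runtime']}")
    gaps = coverage_gaps(SAMPLE_FINDINGS)
    if gaps:
        print("Runtime coverage gaps (review integration clusters):", gaps)
```

The tier weighting is a policy decision: this version places any "Used" package ahead of packages with no runtime evidence, so a team that prefers to remediate Critical findings regardless of runtime data would merge tiers 1 and 2 for Critical severity. The coverage-gap report is the operational follow-up the page recommends for "Not Found" results.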