Full Report
Wiz’s reimagined container image page gives teams complete visibility, smarter prioritization, and faster remediation, from code to runtime.
Analysis Summary
This article describes a new feature in a commercial Cloud Security Posture Management (CSPM) and Cloud Native Application Protection Platform (CNAPP) solution, Wiz, focused on enhancing the visibility and security context around container images throughout their lifecycle. It does not detail a specific piece of malware, attack tool, or adversarial TTP, but rather a defensive capability.
# Tool/Technique: Wiz Container Image Page (New Feature)
## Overview
The new Wiz container image page provides comprehensive visibility into the lifecycle, deployment context, and scanning status of container images, designed to help security and platform teams prioritize risks, validate security gates, and accelerate remediation in containerized environments.
## Technical Details
- Type: Defensive Tool/Platform Feature (CNAPP/CSPM)
- Platform: Cloud and Container Environments (CI/CD pipelines, Registries, Runtime)
- Capabilities: Lifecycle tracking, vulnerability context mapping, dependency tracking, registry discovery, security gate validation.
- First Seen: Not specified (This is a product update announcement).
## MITRE ATT&CK Mapping
Since this is a defensive feature, it does not map to offensive techniques directly. The techniques below are the adversary actions its capabilities help mitigate (the original mapping cited T1587, T1590 and T1078, none of which fits: T1587 is adversary capability development, T1590 is victim network information gathering, and nothing on the page concerns account validation):
- **[T1195.002 - Compromise Software Supply Chain]** (base-image lineage tracing surfaces vulnerable or untrusted components inherited through the image's build chain)
- **[T1525 - Implant Internal Image]** (registry discovery and per-stage scanning status expose images that reached a registry or runtime without passing the scan gates)
- **[T1190 - Exploit Public-Facing Application]** (blast-radius prioritization focuses remediation on vulnerable images backing the most widely deployed and critical workloads, where a known vulnerability is most likely to be exploited)
## Functionality
### Core Capabilities
- **Base Image Risk Surfacing:** Identifies which base images introduce vulnerabilities and traces their origins.
- **Deployment Mapping:** Shows exactly where images are deployed and the number/type of containers relying on them (blast radius calculation).
- **Scanning Status Tracking:** Validates whether an image was scanned at every stage (CI, registry, runtime) to spot policy gaps.
- **Registry Discovery:** Automatically uncovers all cloud registries within the environment.
### Advanced Features
- **Lifecycle Visibility:** Maps the entire journey of an image from build to production.
- **Risk Prioritization:** Allows teams to prioritize vulnerabilities based on the blast radius (i.e., focusing on images deployed across critical workloads).
- **Remediation Tracing:** Traces a vulnerable image back to the source repository, Dockerfile, and build pipeline to speed up fixes.
## Indicators of Compromise
N/A (This is a defensive security tool feature.)
## Associated Threat Actors
N/A (This is a defensive security tool feature.)
## Detection Methods
N/A (The feature is itself a detection and prioritization capability; there is nothing to detect about it.)
## Mitigation Strategies
- **Implement Scanning Gates:** Use the lifecycle tracking to ensure images are scanned at CI, registry, and runtime stages.
- **Prioritize Remediation:** Focus efforts on images with large blast radii, especially those running in critical production environments.
- **Secure Base Images:** Identify and eliminate risky base images introduced early in the supply chain.
- **Establish Ownership Context:** Use lineage tracing to assign remediation tasks quickly to the correct development team.
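As an added illustration of the lineage, scan-gap and blast-radius logic described under Functionality and applied by the mitigation strategies above, the following Python models a small image inventory. This is example code written for this summary, not Wiz code and not taken from the announcement. The Dockerfile parsing, the critical-workload weighting in the score, and every image, cluster and finding name are assumptions constructed for the example; the finding ids are placeholders, not CVE numbers.

```python
"""Toy model of container-image lifecycle visibility: base-image lineage,
scan-gap detection and blast-radius prioritization.
Added illustration, not Wiz code; all inventory data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

STAGES = ("ci", "registry", "runtime")  # the three scanning gates named in the article


@dataclass
class Image:
    ref: str                              # image reference as pushed, e.g. repo:tag
    dockerfile: str                       # constructed Dockerfile contents
    scanned_at: Set[str]                  # stages where a scan result exists
    vulns: Dict[str, Tuple[str, float]]   # finding id -> (origin: "base"|"app", score)


@dataclass
class Deployment:
    image: str      # ref of the running image
    cluster: str
    replicas: int   # containers running this image
    critical: bool  # workload tagged business-critical (assumption for the example)


def base_image(dockerfile: str) -> str:
    """Base image of the final build stage, resolving multi-stage aliases.
    Handles `FROM [--platform=...] image [AS alias]`; build-arg references
    such as `FROM ${BASE}` are deliberately left unresolved."""
    stages = []  # (image, alias)
    for raw in dockerfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.upper().startswith("FROM "):
            continue
        parts = [p for p in line.split()[1:] if not p.startswith("--")]
        alias = parts[2] if len(parts) >= 3 and parts[1].upper() == "AS" else None
        stages.append((parts[0], alias))
    if not stages:
        raise ValueError("no FROM instruction found")
    aliases = {alias: img for img, alias in stages if alias}
    image, seen = stages[-1][0], set()
    while image in aliases and image not in seen:  # follow `FROM <alias>` chains
        seen.add(image)
        image = aliases[image]
    return image


def scan_gaps(image: Image) -> List[str]:
    """Stages the image passed through without a scan result (a policy gap)."""
    return [s for s in STAGES if s not in image.scanned_at]


def blast_radius(ref: str, deployments: List[Deployment]) -> dict:
    """Where the image runs and how many containers depend on it."""
    running = [d for d in deployments if d.image == ref]
    return {
        "containers": sum(d.replicas for d in running),
        "clusters": sorted({d.cluster for d in running}),
        "critical": any(d.critical for d in running),
    }


def base_image_exposure(images: List[Image]) -> Dict[str, dict]:
    """Group base-image findings by base image, so a single base fix can be
    traced to every downstream image that inherits the finding."""
    out: Dict[str, dict] = {}
    for img in images:
        entry = out.setdefault(base_image(img.dockerfile), {"images": [], "vulns": set()})
        entry["images"].append(img.ref)
        entry["vulns"].update(v for v, (origin, _) in img.vulns.items() if origin == "base")
    return out


def prioritize(images: List[Image], deployments: List[Deployment]) -> List[dict]:
    """Rank images by their worst finding weighted by blast radius.
    The x2 weight for critical workloads is an assumption for illustration."""
    rows = []
    for img in images:
        br = blast_radius(img.ref, deployments)
        worst = max((s for _, s in img.vulns.values()), default=0.0)
        score = round(worst * br["containers"] * (2 if br["critical"] else 1), 2)
        rows.append({"image": img.ref, "base": base_image(img.dockerfile),
                     "score": score, "gaps": scan_gaps(img), **br})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed inventory: names are placeholders and finding ids are not real CVEs.
IMAGES = [
    Image("acme/api:1.4",
          "FROM golang:1.22 AS build\nRUN go build -o /app ./cmd\n"
          "FROM alpine:3.18\nCOPY --from=build /app /app\n",
          {"ci", "registry", "runtime"},
          {"VULN-1": ("base", 7.5), "VULN-2": ("app", 9.8)}),
    Image("acme/worker:2.0", "FROM alpine:3.18\nCOPY worker /worker\n",
          {"ci"},                   # scanned in CI, never rescanned in registry or runtime
          {"VULN-1": ("base", 7.5)}),
    Image("acme/legacy:0.9", "FROM node:18 AS deps\nRUN npm ci\nFROM deps AS final\n",
          {"registry", "runtime"},  # bypassed the CI gate entirely
          {"VULN-3": ("base", 5.5)}),
]
DEPLOYMENTS = [
    Deployment("acme/api:1.4", "prod-eu", 10, True),
    Deployment("acme/api:1.4", "staging", 2, False),
    Deployment("acme/worker:2.0", "prod-eu", 4, True),
    Deployment("acme/legacy:0.9", "dev", 1, False),
]

if __name__ == "__main__":
    for row in prioritize(IMAGES, DEPLOYMENTS):
        print(row)
    print(base_image_exposure(IMAGES))
```

Running it ranks `acme/api:1.4` first (highest finding, twelve containers, critical cluster), flags `acme/worker:2.0` as missing registry and runtime scans, and shows that both `alpine:3.18` consumers inherit the same base finding, so one base-image bump closes it for two images at once.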
## Related Tools/Techniques
- Cloud Security Posture Management (CSPM) solutions
- Cloud Native Application Protection Platforms (CNAPP)
- Container Image Scanning Tools
- Software Composition Analysis (SCA)