Feature Request
Resolution: Unresolved
Product / Portfolio Work
Business Problem:
Today, customers use the Red Hat Advanced Cluster Security roxctl CLI with the image check command to run all their custom policies in the build and deploy lifecycle. However, the tool does not show the exact full path location of the CVE.
In the DevOps lifecycle, developers do not know the precise location of a CVE (for example, inside a specific .jar file) and must contact the security team for clarification. This slows down remediation and creates friction between teams.
Use Cases:
Developers need to quickly identify the exact file path and component where a CVE exists (e.g., /usr/lib/app/specific.jar).
Organizations want to accelerate the shift-left approach by giving developers actionable information during the build phase.
Key Functionality:
Enhance roxctl image check to display the full path location of vulnerable components within images, the same as the UI does.
Benefits:
Less dependency on security teams for root-cause analysis of CVEs.