  1. OpenShift Request For Enhancement
  2. RFE-8288

Provide information if vulnerable libraries are loaded in the image or not


    • Feature Request
    • Resolution: Unresolved
    • rhacs-vuln-management
    • Product / Portfolio Work

      1. Proposed title of this feature request

      Provide information if vulnerable libraries are loaded in the image or not

      2. What is the nature and description of the request?

      Currently, CVEs are listed if they are detected in packages of the image. Often, a relevant part of assessing a vulnerability is whether it is exploitable in the application or not. For example, we, as Red Hat, often provide Operators based on the UBI images, which might include Python libraries that are not used by the application in the image. With the process baseline functionality, RHACS provides a way to look into the actions of an application in a container. Using this information to enrich detected CVEs with the information whether the component that includes them is loaded or not would help prioritize the CVEs.

      3. Why does the customer need this? (List the business requirements here)

      Having a multitude of images and CVEs makes it important to prioritize the CVEs that pose risk to the environment. The information on whether a CVE is really accessible from the exposed application could be used for prioritization.

      As a Security Manager, I want to know if specific CVEs are exploitable in my application.

      4. List any affected packages or components.

      RHACS Vulnerability Management

              sbadve@redhat.com Shubha Badve
              sluetzen Steffen Lützenkirchen