IBM Support

IBM Cloud Pak for Business Automation Security Vulnerability Policy

Troubleshooting


Problem

This document describes the Cloud Pak for Business Automation support policy for security vulnerability issues.
As part of its IBM Cloud Pak certification process, IBM performs security vulnerability code scanning on the container images. Each month, security fixes are delivered in the interim fixes. Detailed information about the fixes can be found in the interim fix README. Depending on your version, you might need to upgrade your product to get the fix for your reported issue. For more information about the fix support schedule, please review the IBM Cloud Pak for Business Automation Software Support Lifecycle Addendum.
We accept support cases for investigating security vulnerabilities identified by third-party scanning tools. Please ensure you are using the latest interim fix when scanning the product. Before opening a support case, review and triage the third-party scanning tool vulnerability reports to identify those items that are significant to you.

Resolving The Problem

When you contact support for assistance with a Cloud Pak for Business Automation issue, collect the following troubleshooting data.

General Diagnostic Information: 
  1. The Cloud Pak for Business Automation product and interim fix version. 
  2. The scanning tool that is used. 
  3. An extract of the scanning report with the relevant information for each relevant CVE detected.
  4. Container image name and its tag/digest, and the file path to the vulnerable file.
  5. Does the image come from the IBM Entitlement registry or is it from your own registry? 
  6. If the security vulnerability is not related to a CVE, please provide a detailed description, the re-create step(s), and the log(s) that illustrate the problem.

What to do next

After you gather all the needed information and diagnostics, you can add them to your case. Alternatively, you can upload files to ECuRep. For more information, see Enhanced Customer Data Repository (ECuRep) - Overview.

Document Location

Worldwide


Document Information

Modified date:
18 March 2022

UID

ibm16558564