Sysdig Sage for Vulnerability Management
You can access remediations provided by Sysdig Sage directly from any image view across Sysdig Secure, and optionally create Jira tickets to assign and track implementation.
Prerequisites
- Vulnerability scanning is enabled and completed.
- Your Sysdig account is Sage enabled.
- Jira integration is configured for ticketing.
Guidelines and Best Practices for Remediation
- Use Sage remediation suggestions as a baseline, and validate upgrades in development environments.
- Prioritize updating base images when possible, as this can resolve multiple CVEs in a single step.
- A remediation is persisted for the duration of your session.
  - If you leave and return to the image within the same browser session, the existing remediation is reused.
  - If you return in a new session, a new remediation is generated.
Access a Remediation
You can generate a remediation using one of the following:
- Vulnerabilities > Findings > Group by Image
- Inventory > Search
- Risks > All Risks. Select an image Resource Details drawer
Generate a Remediation with Sage
Click the Remediate tab in the image view.
In the Sysdig Sage Strategies panel, click Generate Remediation.
Sysdig Sage analyzes the image and generates a remediation plan with:
- Recommended application/package upgrades
- Recommended base image updates
- Alternative OS package fixes if the base image cannot be updated
Review the Remediation Plan
The remediation is typically divided into two sections:
- Application and Language Layer
- Base Image and Operating System Layer
Create a Jira Ticket (Optional)
To assign the remediation plan generated by Sysdig Sage to engineering with a pre-filled ticket:
On the remediation panel, click Create Ticket.
An Open Jira Ticket screen appears.
Select a Project and enter an Issue Type.
Click Create to generate a pre-filled ticket with a summary and description that covers the following:
- Suggested upgrades
- Paths to vulnerable packages
- Example commands
Applying and Validating Fixes
- Apply the recommended changes in your image build pipeline.
- Push the updated image to scan it again.
- Revisit the Findings page and check the image view to confirm that the CVEs have been resolved.
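The confirmation step above can also be checked offline by comparing findings from before and after the rebuild. The following is an added example, not Sysdig code: the record format, the `compare_scans` and `fix_is_validated` names, and all CVE and package values are constructed placeholders, and it assumes you have exported findings tagged with the layer type used in the remediation plan. It reports what was resolved, what remains, and what the rebuild newly introduced, since a base image update can bring in packages with their own findings.

```python
from collections import defaultdict

# Constructed sample findings (hypothetical format, not Sysdig's export schema):
# one record per CVE/package pair, tagged "app" or "os" to mirror the two
# sections of the remediation plan. CVE ids and package names are placeholders.
BEFORE = [
    {"cve": "CVE-0000-0001", "package": "example-os-pkg-a", "layer": "os"},
    {"cve": "CVE-0000-0002", "package": "example-os-pkg-b", "layer": "os"},
    {"cve": "CVE-0000-0003", "package": "example-web-lib", "layer": "app"},
    {"cve": "CVE-0000-0004", "package": "example-json-lib", "layer": "app"},
]
AFTER = [
    {"cve": "CVE-0000-0004", "package": "example-json-lib", "layer": "app"},
    {"cve": "CVE-0000-0005", "package": "example-os-pkg-c", "layer": "os"},
]


def _keys(findings):
    # A finding is identified by layer, CVE and package together, so the same
    # CVE in two different packages is tracked as two findings.
    return {(f["layer"], f["cve"], f["package"]) for f in findings}


def compare_scans(before, after):
    """Classify findings per layer as resolved, remaining or introduced."""
    old, new = _keys(before), _keys(after)
    report = defaultdict(lambda: {"resolved": [], "remaining": [], "introduced": []})
    for status, keys in (("resolved", old - new),
                         ("remaining", old & new),
                         ("introduced", new - old)):
        for layer, cve, package in sorted(keys):
            report[layer][status].append(f"{cve} ({package})")
    return dict(report)


def fix_is_validated(report):
    """True only if nothing remains and the rebuild introduced nothing new."""
    return all(not r["remaining"] and not r["introduced"] for r in report.values())


if __name__ == "__main__":
    result = compare_scans(BEFORE, AFTER)
    for layer, statuses in sorted(result.items()):
        for status, items in statuses.items():
            print(f"{layer:>3} {status:<10} {', '.join(items) or '-'}")
    print("validated:", fix_is_validated(result))
```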