Grading Rubric

Criterion	Strong (3)	Adequate (2)	Weak (1)
Identified misleading symptom	Verified the actual installed version differed from the scanner report; questioned the scanner accuracy	Checked exploitability but assumed the scanner was correct about the version	Immediately started working on a patch or exception without verifying the finding
Found root cause in devops_tooling domain	Traced to stale base image cache + Trivy multi-layer dpkg parsing issue	Found the base image was cached but not the specific scanner parsing problem	Assumed it was a real vulnerability and focused on patching libcurl
Remediated in kubernetes domain	Refreshed base image cache, rebuilt, set up automated CronJob for cache refresh	Rebuilt the image but did not automate base image refresh	Added a scanner exception (.trivyignore) without fixing the underlying cause
Cross-domain thinking	Explained the full chain: cached base image -> multi-layer SBOM confusion -> false positive -> pipeline block	Acknowledged the scanner/pipeline interaction but missed the base image cache root cause	Treated it as a security policy or scanner configuration problem

Prerequisite Topic Packs

• container-images — needed for Domain A investigation (Trivy, SBOM, vulnerability databases)
• security-scanning — needed for Domain A (CVE assessment, exploitability analysis)
• cicd — needed for Domain B root cause (CI pipeline caching, build pipeline stages)
• docker — needed for Domain B (image layers, dpkg, multi-stage builds)
• container-images — needed for Domain C remediation (base image management, cache refresh)

Pages that link here

• Container Images
• Docker
• Security Scanning
• Symptoms: Container Image Vuln Scanner False Positive, Blocks Deploy Pipeline