Skip to content

Tech note - image scanning for CVEs

This tech note answers some frequently asked questions about Matillion's policy on scanning for common vulnerabilities and exposures as per the CVE Program.

Does Matillion scan its images for vulnerabilities (CVEs)?

Yes. Matillion scans all machine images for common vulnerabilities and exposures (CVEs), and remediates all high-priority CVEs before releasing an image.

Are Matillion images guaranteed to remain free of CVEs?

New CVEs can be discovered over time, so an image scanned prior to deployment may not remain 100% free of vulnerabilities. However, when new CVEs are identified, Matillion promptly patches and releases new images.

What should customers do to ensure maximum security?

Customers are strongly recommended to upgrade or migrate to the latest supported version of Matillion ETL to maintain the highest level of security coverage.

Where can I find detailed information about Matillion's security practices?

Security information can be found in Matillion's Trust Center portal. The Matillion Security Whitepaper gives a comprehensive overview of security policies.

In the Trust Center you can also find our SOC2 Type II Attestation Report and NCC Penetration Test Reports.

If you have further questions, Matillion’s security team is available to discuss your concerns.

How does Matillion respond to vulnerabilities?

Matillion follows a robust vulnerability management program that includes:

  • Comprehensive scanning, categorization, and remediation of vulnerabilities.
  • Adherence to internal policies and remediation schedules.

While Matillion doesn't share results of internal security scans, customers are encouraged to perform their own independent scans and tests.

Does Matillion comply with AWS Marketplace guidelines for images?

Yes. Matillion adheres to AWS Marketplace guidelines for publishing Amazon Machine Images (AMI). These guidelines can be found in the AWS documentaiton.

What if I am using an older version of Matillion ETL with known vulnerabilities?

For older versions, such as version 1.72, which uses the end-of-life CentOS Stream 8, customers are strongly advised to migrate to a newer version where these vulnerabilities have been addressed.

© Copyright 2024 Matillion Ltd | Legal | Privacy Policy | Disclaimer | Modern Slavery Statement