HomeCKS practice tasks › Generate SPDX Document and Remove Vulnerable Container
CKS · Supply Chain Security

Generate SPDX Document and Remove Vulnerable Container

One Deployment contains multiple Alpine-based containers.

Solve this on a real cluster — free → All CKS tasks
🗓️ Free Task of the Week: one CKS task is unlocked free for everyone every week — no card, real cluster, auto-graded (2 tries/week). Create a free account and check whether this one is live now.

The task

Task

One Deployment contains multiple Alpine-based containers.

Requirements

  1. Identify which Alpine image contains libcrypto3
  2. Remove the container using that image from the Deployment multi-alpine
  3. Generate an SPDX document:
   bom generate --image alpine:3.19.1 --output /root/alpine.spdx

Verify that the SPDX file was created.

Exam
CKS
Domain
Supply Chain Security
Grading
Programmatic · partial credit
Reference
Kubernetes docs ↗

What this tests

Scan images for vulnerabilities, harden Dockerfiles, generate SBOMs, and enforce image policy. On the CKS exam, Supply Chain Security tasks are graded purely on what you build in the cluster — not multiple choice — so the only way to get faster is to do them on a real cluster against a clock.

Practice it for real

prepium.sh drops you into your own isolated Kubernetes cluster in the browser — no install, no credit card. You solve the task in a real terminal, hit validate, and a programmatic checker scores exactly what you got right and wrong (with partial credit). The canonical solution unlocks after you attempt it, so you learn the fast, exam-ready way to do it.

Start free → CKS overview

Related CKS tasks

Dockerfile and Deployment Security Best Practices Configure ImagePolicyWebhook Admission Control