You can specify how often Prisma Cloud scans your environment for vulnerabilities and compliance issues. By default, Prisma Cloud scans your environment every 24 hours. Images are re-scanned when changes are detected. For example, pulling a new image triggers a scan.
Prisma Cloud scans for vulnerabilities and/or compliance issues in:
Scan intervals can be separately configured for each type of object.
The scan frequency is configurable. By default, Prisma Cloud scans your environment every 24 hours.
Go to Manage > System > Scan.
Scroll down to the Scheduling section.
Set the scan intervals for each type according to your requirements.
Scan intervals are specified in hours.
Scroll to the bottom of the page, and click Save.
Console reports the last time Defender scanned your environment. Go to Manage > Defenders > Manage, and click a row in the table to get a detailed status report for each deployed Defender. The status column shows the last time Defender scanned the containers and images on the host where it runs. When Defender is delegated the registry scanner role, you can also see the last time your registry was scanned.
Defender roles are displayed in the Manage > Defenders > Manage table. The following screenshot shows that Defender on host ian-23 is a registry scanner.
Scanning for malware in archives in container images consumes a lot of resources. The scanner unpacks each archive to search for malicious software. Checksums must be indiviudally calculated for each file. Because of the performance impact and the way containers tend to be used, malware in archives is an unlikely threat. As such, Scan for malware within archives in images is disabled by default.
If this option is enabled, Prisma Cloud supports the following archive file types.
Note: If the archive is over 512Mb, Prisma Cloud will not scan it.
The purpose of this option is to show vulnerabilities in dependencies that might not exist on disk (which are often development dependencies).
Most Node.js packages contain a package.json that lists all of its dependencies (both dependencies, and devDependencies). When parsing a Node.js package discovered during a scan, if this option is enabled, Prisma Cloud appends the all packages found in each package.json to the list of packages to be assessed for vulnerabilities. This option isn’t recommended for production scenarios because it can generate a significant number of false positives.
If this option is disabled (default), Prisma Cloud only evaluates the packages that are actually found on disk during scan. This is the recommended setting for production scenarios.
When scanning images with twistcli, use
When Show vulnerabilities that are of negligible severity is enabled, the scanner reports CVEs that aren’t scored yet or have a negligible severity. Negligible severity vulnerabilities don’t pose a security risk, and are often designated with a status of "will not fix" or similar labels by the vendor. They are typically theoretical, require a very special (unlikely) situation to be exploited, or cause no real damage when exploited.
By default, this setting is disabled to strip unactionable noise from your scan reports.