compute vulnerability results not updating

Reply
Highlighted
L3 Networker

compute vulnerability results not updating

Based upon the vulnerabilities reported by Compute in my Lambda function, I updated the urllib3 library in my Python3.7 function to the latest version (1.25.8), but rescanning my function still shows the old library (1.25.7). Does anyone know how I can resolve this? the function should now no longer show any vulnerabilities for urllib3, and should definitely no longer in it's inventory state it uses urllib3 v1.25.7... 


Accepted Solutions
Highlighted
L2 Linker

Re: compute vulnerability results not updating

Hi Johan,

 

Please review the following hyperlink for directions pertaining to performing a manual scan of your function using twistcli. In my experience this will update your results as expected in the console.

 

"You can also use the twistcli command line utility to scan your serverless functions. First download your serverless function as a ZIP file, then run: Scan reports can viewed in Prisma Cloud Console, but only when you pass the --ci and the --publish flag to twistcli.
These flags are designed to minimize clutter in the Console UI, since many people might be using`twistcli` for scanning, but everyone will need to share it with the larger team in Console. To view scan reports in Console, go to Monitor > Vulnerabilities > Functions > CI or Monitor > Compliance > Functions > CI.
$ twistcli serverless scan <SERVERLESS_FUNCTION.ZIP>"

 

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_manag...

 

Thanks 

Patrick

Respectfully,
Patrick

View solution in original post


All Replies
Highlighted
L2 Linker

Re: compute vulnerability results not updating

Hi Johan,

 

Please review the following hyperlink for directions pertaining to performing a manual scan of your function using twistcli. In my experience this will update your results as expected in the console.

 

"You can also use the twistcli command line utility to scan your serverless functions. First download your serverless function as a ZIP file, then run: Scan reports can viewed in Prisma Cloud Console, but only when you pass the --ci and the --publish flag to twistcli.
These flags are designed to minimize clutter in the Console UI, since many people might be using`twistcli` for scanning, but everyone will need to share it with the larger team in Console. To view scan reports in Console, go to Monitor > Vulnerabilities > Functions > CI or Monitor > Compliance > Functions > CI.
$ twistcli serverless scan <SERVERLESS_FUNCTION.ZIP>"

 

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_manag...

 

Thanks 

Patrick

Respectfully,
Patrick

View solution in original post

L3 Networker

Re: compute vulnerability results not updating

Thanks for the suggestion, though I am still wondering why a "scan now" button doesn't automatically update the results...

Highlighted
L2 Linker

Re: compute vulnerability results not updating

Hi Johan,

 

Have you recently upgraded? Any changes to note? As explained to me, twistcli scans are different from what takes place when the "scan now" button is used. Specifically, I've seen this before, after an upgrade. Glad to be of assistance.

 

Patrick

Respectfully,
Patrick
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!