Vuln scans for Containers

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Vuln scans for Containers

L0 Member
Hello, we're using Twistlock for our container vulns. I have few questions related to the Vulnerability scans for Containers.
1. Does Twistlock retain scan results for images that were once deployed (ephemeral deployments)?
2. Deployed images vs Registry images: scanned results are different. How often do registry images get scanned?
2 REPLIES 2

L3 Networker

Hello Chris,

 

Thank you for reaching to Palo Alto Networks Support. My name is Umer, and I am part of Prisma Cloud Compute Support team.

 

1. To test it, I pulled an ubuntu image from docker, and ran a scan. Once scan was completed, I deleted the ubuntu image. The image was deleted from the host, but scan results are still showing in the UI. I will keep you updated, as to how long it takes for image scan results to disappear after we have deleted the image. 

 

2. To see how often we scan images and registry, you can look at the scheduling setting. Please go under System > Scan. By default, the options will be set to 24 hours.

 

Hope it helped!

 

Please let me know if you have any further questions. 

 

Regards,

Umer Sheikh | Technical Support Engineer - Prisma Cloud Compute | PCCSE, AWS - Associate Architect

L0 Member

Hi Umer,

 

Thanks for the detailed response. That would be great to know how log it takes for image scan results to disappear.

Now that I think of it with help of you and Saad, we do want ephemeral container scan result but we also don't want old scan results that we dont use anymore.

By turning off "Only scan images with running containers," this provides way too much results that are not relevant.

  • 1602 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!