How to Optimize the Scanning Performance of Serverless Functions in Prisma Cloud?
5540
Created On 05/20/22 10:10 AM - Last Modified 05/27/22 02:55 AM
Question
- How to Optimize the Scanning Performance of Serverless Functions in Prisma Cloud?
Environment
- Prisma Cloud Compute Edition (Self-Hosted)
Answer
- In the Compute Section, Serverless Functions can be manually scanned using the following ways:
Monitor > Compliance > Functions > Scanned Functions > Scan - Compliance scan reports for scanned functions.
- Since the Console itself is scanning Serverless Functions and not the Defenders, it is the Console’s available resources that determine the Scanning Performance.
- (AWS Only) Scanning only the latest version of each function can reduce scanning time of published ones. Otherwise, the scanning will cover all versions of each function as discussed here: Serverless function scanning
- This option can be enabled in Console by going to Defend > Vulnerabilities > Functions > Functions > Add scope > Scan only latest versions.
- During times when the Serverless scan times are long and delayed, Console Debug Logs can give us further insight on the same.
- The Console Debug Logs can be downloaded from Console : Manage > View logs > Console > Download debug logs.
Additional Information
- Serverless Radar Scanning can take a while, as it is done in the Console. Since this is scanned periodically, there is no need to run the scan manually : Serverless Radar
- We list our performance planning information here: : Performance planning
- It is also worth noting the runtimes supported by Prisma Cloud for Vulnerability and Compliance scans in AWS Lambda, Google Cloud Functions, and Azure Functions: System requirements