Vulnerability discovered date resets to pod/cluster start/restart date
Symptom
After nodes or pods are restarted, the Discovered (first detected) date on image vulnerabilities in PCCE is reset to the start time of the new pod.
This issue can arise in all of our supported environments.
Environment
- Prisma Cloud Compute Edition
- Prisma Cloud Runtime Security
Cause
When "Only scan images with running containers" is turned on, Prisma Cloud only scans images that back a running container, so the Discovered date is tied to the container's lifetime: when a pod or node restarts, the image is scanned again as part of the new container's life and the date moves to that restart. This is a true finding rather than a defect, because while no container is running from the image the environment is not exposed to the vulnerability.
This setting is found under Manage > System > Scan.
Resolution
If you want to keep the original Discovered date for a vulnerability, Prisma Cloud recommends leaving "Only scan images with running containers" turned off. All images in your environment are then scanned whether or not they have a running container, and the Discovered date is based on when the image was first introduced into your environment.
Note: Turning the toggle off only extends scanning to static images in the Docker container runtime. Static images in other runtimes, such as CRI-O and containerd, are still not scanned unless they have a running container, so their Discovered dates remain tied to container lifetime.
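The following script is an added example for this article, not Prisma Cloud code. It shows how to audit the toggle and find vulnerabilities whose Discovered date is no earlier than the start of the newest container running the image, which is the signature of a lifetime-bound date that will move again on the next restart. The endpoint paths (/api/v1/authenticate, /api/v1/settings/scan, /api/v1/images, /api/v1/containers) and the field names (scanRunningImages, discovered, created, info.image, id, cve) are assumptions about the Compute Console API and should be checked against your Console version; the sample responses at the bottom are constructed so the logic runs offline.

```python
"""Audit the "Only scan images with running containers" toggle and flag
Discovered dates that are bound to container lifetime.

Added example for this KB article, not Prisma Cloud code. Endpoint paths and
field names below are assumptions about the Compute Console API.
"""
import json
import re
import urllib.request
from datetime import datetime, timezone

# Assumed key in GET /api/v1/settings/scan for the Manage > System > Scan toggle.
RUNNING_ONLY_FIELD = "scanRunningImages"


def parse_ts(value: str) -> datetime:
    """Parse an RFC 3339 timestamp as the Console (Go) emits it, tolerating
    nanosecond fractions that datetime.fromisoformat rejects before 3.11."""
    value = value.replace("Z", "+00:00")
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?([+-]\d\d:\d\d)", value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value}")
    base, frac, tz = m.groups()
    frac = (frac or "0")[:6].ljust(6, "0")  # keep microseconds only
    return datetime.fromisoformat(f"{base}.{frac}{tz}").astimezone(timezone.utc)


def fetch_json(console_url: str, token: str, path: str):
    """GET a Console API path with a bearer token (assumed auth scheme)."""
    req = urllib.request.Request(console_url.rstrip("/") + path,
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def running_only_enabled(scan_settings: dict) -> bool:
    """True when Discovered dates are tied to container lifetime."""
    return bool(scan_settings.get(RUNNING_ONLY_FIELD, False))


def lifetime_bound_findings(images, containers):
    """Return (image_id, cve, discovered, container_started) for each vulnerability
    whose Discovered date is not earlier than the newest container running the
    image. Images without a running container are skipped: they are only scanned
    at all when the toggle is off and the runtime is Docker."""
    newest_start = {}
    for c in containers:
        img = c["info"]["image"]          # assumed: image the container runs
        started = parse_ts(c["created"])  # assumed: container start time
        if img not in newest_start or started > newest_start[img]:
            newest_start[img] = started
    flagged = []
    for image in images:
        started = newest_start.get(image["id"])
        if started is None:
            continue
        for vuln in image.get("vulnerabilities", []):
            discovered = parse_ts(vuln["discovered"])
            if discovered >= started:
                flagged.append((image["id"], vuln["cve"],
                                discovered.isoformat(), started.isoformat()))
    return flagged


def audit(scan_settings, images, containers) -> dict:
    """Combine both checks into one report a practitioner can act on."""
    flagged = lifetime_bound_findings(images, containers)
    return {
        "running_only": running_only_enabled(scan_settings),
        "lifetime_bound": flagged,
        "advice": ("turn off 'Only scan images with running containers' under "
                   "Manage > System > Scan" if running_only_enabled(scan_settings)
                   else "toggle already off; remaining resets are expected for "
                        "non-Docker runtimes (CRI-O, containerd)"),
    }


# Constructed sample responses (not captured from a real Console).
SAMPLE_SETTINGS = {RUNNING_ONLY_FIELD: True}
SAMPLE_CONTAINERS = [
    {"info": {"image": "sha256:aaa"}, "created": "2024-03-01T08:00:00.123456789Z"},
    {"info": {"image": "sha256:aaa"}, "created": "2024-02-01T08:00:00Z"},  # older replica
]
SAMPLE_IMAGES = [
    {"id": "sha256:aaa", "vulnerabilities": [
        {"cve": "CVE-0000-0001", "discovered": "2024-03-01T08:05:00Z"},  # reset by restart
        {"cve": "CVE-0000-0002", "discovered": "2024-01-10T12:00:00Z"},  # image-based date
    ]},
    {"id": "sha256:bbb", "vulnerabilities": [                            # no running container
        {"cve": "CVE-0000-0003", "discovered": "2024-03-02T00:00:00Z"},
    ]},
]

if __name__ == "__main__":
    # To run against a Console, replace the samples with
    # fetch_json(url, token, "/api/v1/settings/scan") etc. after authenticating.
    print(json.dumps(audit(SAMPLE_SETTINGS, SAMPLE_IMAGES, SAMPLE_CONTAINERS), indent=2))
```

A vulnerability whose Discovered date equals or follows the newest container start is the one the symptom describes; a date older than every container start was carried over from the image itself and will survive a restart.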