Prisma Cloud Compute: Why are vulnerable packages sometimes not detected by a host scan?
Created On 10/19/23 13:16 PM - Last Modified 11/04/24 20:31 PM
Question
Why are vulnerable packages sometimes not detected by a host scan?
Environment
- Prisma Cloud Enterprise Edition
- Prisma Cloud Compute Edition
- Host Scans
Answer
By design, a host scan does not traverse the host's full filesystem. Instead, it checks running processes to determine which packages are actively in use on the system, and only then reports those packages and their related vulnerabilities. Packages that are present on disk but not used by any active process will not have their vulnerabilities reported by a host scan.
Additional Information
Because of the method used for host scanning, the results presented by Prisma Compute might differ from those of tools that perform full system scans (e.g., Qualys).
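To find which installed packages fall into this gap on a Linux host, the following added example (not Prisma Cloud code, and not its actual detection logic, which this article does not describe) approximates "in use" as "a package file is mapped by a running process" according to `/proc/<pid>/maps`. The function names, package names, paths and maps lines are assumptions constructed for illustration.

```python
import glob

DELETED = " (deleted)"  # suffix the kernel appends when a mapped file was unlinked

def parse_maps(text):
    """Return the file paths mapped by one process, given /proc/<pid>/maps content."""
    paths = set()
    for line in text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [pathname]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        if path.endswith(DELETED):  # e.g. old library still loaded after an upgrade
            path = path[: -len(DELETED)]
        if path.startswith("/"):  # skips [heap], [stack], [vdso]
            paths.add(path)
    return paths

def files_in_use():
    """Union of mapped files over all live processes (run as root for a full view)."""
    paths = set()
    for maps in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(maps) as fh:
                paths |= parse_maps(fh.read())
        except OSError:
            continue  # process exited or permission denied
    return paths

def split_by_usage(package_files, in_use):
    """package_files: {package: [paths]}, e.g. built from `rpm -ql` or `dpkg -L`."""
    used = sorted(p for p, files in package_files.items() if in_use.intersection(files))
    unused = sorted(set(package_files) - set(used))
    return used, unused

# Constructed sample data, not taken from a real host.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2f000 r-xp 00000000 fd:01 131 /usr/sbin/nginx
7f3a10000000-7f3a10090000 r-xp 00000000 fd:01 262 /usr/lib64/libssl.so.3
7f3a10200000-7f3a10221000 rw-p 00000000 00:00 0
7f3a10400000-7f3a10410000 r-xp 00000000 fd:01 377 /usr/lib64/libz.so.1 (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_PACKAGES = {
    "nginx": ["/usr/sbin/nginx"],
    "openssl-libs": ["/usr/lib64/libssl.so.3"],
    "zlib": ["/usr/lib64/libz.so.1"],
    "ImageMagick": ["/usr/bin/convert", "/usr/lib64/libMagickCore-7.so"],
}

if __name__ == "__main__":
    used, unused = split_by_usage(SAMPLE_PACKAGES, parse_maps(SAMPLE_MAPS))
    print("in use:", used, "| on disk only:", unused)
```

Packages in the "on disk only" list are the ones to cover with a full filesystem scanner; on a live host, pass `files_in_use()` instead of the sample maps.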