"Scan status" field for CI images results.
2009
Created On 04/07/23 17:53 PM - Last Modified 02/20/25 17:55 PM
Symptom
The "Scan status" field shows data which may not always match the vulnerability data present below in the results.
Example:
- Scan status:
- Vulnerabilities:
The other two vulnerabilities in the second entry (shown in the above image) were high and moderate respectively.The picture above shows that we have 4 Critical vulnerabilities in the vulnerabilities section while the Scan status still shows as failed at 3 Critical vulnerabilities.
Environment
- Prisma Cloud Compute - Self-hosted & SaaS (all versions)
- Linux
- macOS
- Windows
Cause
The Scan status field indicates the following:
- Highlights the CI rule that was violated by the vulnerabilities detected in the scanned image
- Mentions the CI rule setup ("Blocking vulnerabilities by severity OR by risk factors.")
- Highlights the number and severity of the vulnerabilities which matched the set failure threshold
Resolution
The Vulnerabilities section contains the details of all the vulnerabilities detected at the time of the scan (including the ones mentioned in the Scan status field), and the data present in this field is relative to the latest available threat data.
Example of a newly scanned CI image:
- Scan status:
- Vulnerabilities:
Conclusion: For a newly scanned image, the count for the High severity vulnerabilities (19) matches for Scan status as well as the Vulnerabilities section. The Application type vulnerability has a few medium, as well as low vulnerabilities. This result is because the scan was in accordance to the latest threat data from the Intelligence Stream.
Additional Information
Relative documentation: Vulnerability Management Policies.