This document applies only to the Vulnerability Management engine, released April 20, 2022. Make sure you are using the correct documentation: Which Scanning Engine to Use. You also need to enable it in Sysdig Labs.
A “host” is any runtime entity where you could execute the Sysdig agent, including virtual machines, Kubernetes nodes, bare metal, and cloud-managed hosts such as EC2.
Scanning for vulnerabilities on hosts is as important as scanning on containers, and certain standards such as NIST 800-190 require vulnerability reports on running hosts to pass compliance. Sysdig’s host scanning feature provides a unified flow with image scanning, for a smooth user experience.
Note: Having the agent installed on the hosts is not required, but is recommended. Metadata autocomplete on the filters and searches depend on the Sysdig agent.
Enable Host Scanning
Review the Installation Requirements and install the Host Scanner on a Kubernetes cluster or on a host as a container.
Current Feature Limitations
- No Risk Spotlight/In Use integration
How Long until Host Scan Results Appear in the UI?
- If the default parameter
nodeAnalyzer.nodeAnalyzer.hostScanner.scanOnStart=trueis set, then a scan will start just after the pod is ready. You can expect the results in a few minutes, ~15 min max.
- If this parameter is not set, results will be shown ~11 hours from install.
- In all cases, scans are refreshed every 12 hours.
- Helm chart and Docker container installations behave the same.
Once you have deployed the host scanner in your environment, the Runtime UI will integrate the findings alongside the runtime workload results, based on an out-of-the-box Vulnerability policy.
Filter for Hosts
You can filter to find results of host scanning using the quick links in the banner at the top of the page, and/or the filter bar.
You can filter hosts using:
- Kubernetes cluster name
- Cloud account id
- Cloud account region
- Host Name
- Agent tags
See also, Vulnerability Policies|Runtime.
You can schedule and download reports for scanning done on hosts as well as containers.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.