Software Lifecycle and End-of-Life Visibility
Overview
Sysdig Vulnerability Management can show end-of-life (EOL) information for supported software components, so you can identify software that is no longer supported by its vendor, or is approaching the end of its support window, in the same workflows you use to investigate vulnerabilities.
For each supported component, Sysdig consolidates vendor lifecycle data into a single EOL date that is meaningful for security analysis. In most cases, this is the end of security support or the closest equivalent lifecycle milestone published by the vendor.
EOL information complements vulnerability data. Software can be unsupported even when vulnerability feeds are sparse or no longer updated, so lifecycle visibility helps you spot unsupported software earlier and prioritize upgrades.
This page describes lifecycle visibility for software components in your scanned images and hosts. For information about the sunset of Sysdig’s own scanning components, see Resources and Components.
Lifecycle States
Sysdig classifies each component into one of the following lifecycle states, based on its EOL date:
| State | Meaning |
|---|---|
| Active | More than 90 days remain until the EOL date. |
| Approaching End of Life | Within 90 days of the EOL date. Sysdig surfaces the remaining days (for example, 45 days). |
| End of Life | The EOL date has passed. The component is no longer receiving vendor support. |
When Sysdig does not have lifecycle data for a component, no lifecycle indicator is shown. This is normal for components from sources Sysdig cannot reliably classify. For more information, see Limitations.
Where Lifecycle Information Appears
Lifecycle information is shown directly in the workflows you already use to investigate vulnerabilities and components.
Resource Details Drawer: Components Tab
When you open a resource and navigate to the Components tab, the table includes a Lifecycle column. Each row shows the lifecycle state of the component, where data is available.
You can filter the Components table by lifecycle state using the Lifecycle filter, with the following values:
- Approaching End of Life
- End of Life
This is useful for narrowing the table to components that need immediate attention or are about to need attention.
For more information on opening the Resource Details drawer, see View Resource Details.
Component Details
When you inspect a single component, the details section shows the lifecycle state alongside the exact EOL Date when known.
Findings Details Drawer
When a vulnerability finding involves a component with lifecycle data, the Findings Details drawer shows the Component EOL state and the Component EOL Date. This gives you immediate context for whether a finding sits on still-supported software, or on software that no longer receives vendor patches.
Scan Result Side Panel
When you open a package from a scan result, the side panel shows the EOL state and the EOL Date for that package.
Use Lifecycle Data in Policies
You can act on lifecycle status directly from your vulnerability management policies by adding a Component Lifecycle rule to a rule bundle. When a rule bundle is evaluated against a scan, Sysdig fails the policy on any component that matches the lifecycle conditions you set.
A Component Lifecycle rule fails on one of these two conditions. You pick one or the other when you create the rule:
- Component is End of Life: fails if any component in the scanned resource has reached its EOL date.
- Component End of Life date is within 90 days: fails if any component is within 90 days of its EOL date.
To fail on both states (a common pattern: early warning when components are nearing EOL, plus enforcement on components already past it), add two Component Lifecycle rules to the same rule bundle: one with Component is End of Life selected, and one with Component End of Life date is within 90 days selected.
When a policy evaluation fails on a Component Lifecycle rule, the policy results show which components triggered it. From the policy failure details, you can pivot directly into the affected components filtered by lifecycle phase, so you can review what needs to be upgraded or replaced.
Evaluating Component Lifecycle rules in the CLI requires Sysdig CLI Scanner v1.27.1 or later. Earlier versions ignore Component Lifecycle rules during policy evaluation.
For information on creating and managing rule bundles, see Rule Bundles.
CLI Scanner and API
Lifecycle metadata is also available in machine-readable form so you can use it in automation, pipeline checks, and integrations.
CLI Scanner Output
The scan result JSON produced by the Sysdig CLI scanner includes EOL information for components when Sysdig can determine it. This makes lifecycle data available earlier in CI and pre-deployment workflows, not only in the interactive UI.
Scan Results API
The scan results API exposes lifecycle data at two levels:
- Image-level EOL date: the earliest EOL date among the components Sysdig detected in the image. This is useful as a top-level signal that an image contains some unsupported software.
- Component-level EOL date: the EOL date for an individual component, when known.
Lifecycle fields are nullable. Treat them as enrichment that may or may not be present for a given component.
Filtering by Lifecycle
The API supports filtering scan results by lifecycle phase, with the following values:
| Value | Meaning |
|---|---|
| active | More than 90 days remain until EOL. |
| approaching | Within 90 days of EOL. |
| eol | The EOL date has passed. |
| unknown | No lifecycle data is available for the component. |
The threshold for approaching is fixed at 90 days.
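The phase boundaries and the image-level "earliest EOL date" rule described above can be reproduced in a pipeline check, shown here as an added example that is not Sysdig code. The component records and the field names `name` and `eol_date` are constructed and hypothetical, not the scan result schema, and treating the EOL day itself as approaching is an assumption.

```python
from datetime import date

APPROACHING_WINDOW_DAYS = 90  # fixed threshold stated on this page


def lifecycle_phase(eol_date, today):
    """Map a nullable ISO EOL date to active / approaching / eol / unknown."""
    if not eol_date:
        return "unknown"  # lifecycle fields are nullable
    remaining = (date.fromisoformat(eol_date) - today).days
    if remaining < 0:
        return "eol"
    # Assumption: the EOL day itself (0 days remaining) counts as approaching.
    return "approaching" if remaining <= APPROACHING_WINDOW_DAYS else "active"


def image_eol_date(components):
    """Earliest known component EOL date, or None when no component has one."""
    known = [c["eol_date"] for c in components if c.get("eol_date")]
    return min(known, default=None)  # ISO dates sort chronologically as strings


def gate(components, today, fail_on=("eol", "approaching")):
    """Return (name, phase, days_remaining) for components that should fail a build."""
    hits = []
    for c in components:
        phase = lifecycle_phase(c.get("eol_date"), today)
        if phase in fail_on:
            days = (date.fromisoformat(c["eol_date"]) - today).days
            hits.append((c["name"], phase, days))
    return hits


# Constructed sample; field names are hypothetical, not Sysdig's schema.
SAMPLE = [
    {"name": "os-a", "eol_date": "2025-01-31"},
    {"name": "runtime-b", "eol_date": "2025-07-15"},
    {"name": "os-c", "eol_date": "2026-06-01"},
    {"name": "custom-build-d", "eol_date": None},
]
TODAY = date(2025, 6, 1)  # fixed so the result is reproducible

if __name__ == "__main__":
    print("image-level EOL:", image_eol_date(SAMPLE))
    for hit in gate(SAMPLE, TODAY):
        print(hit)
```

Passing `fail_on=("eol",)` mirrors a bundle with only the Component is End of Life condition; the default mirrors a bundle carrying both conditions.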
Supported Coverage
Operating Systems
Sysdig provides EOL data for the following operating systems:
- Alibaba Linux
- AlmaLinux
- Alpine
- Amazon Linux
- Azure Linux
- Debian
- EulerOS
- Fedora
- openSUSE
- Oracle Linux
- Photon OS
- Red Hat Enterprise Linux
- Rocky Linux
- SUSE Linux Enterprise Server
- Ubuntu
- Windows
Vendors publish lifecycle data using different models. Some operating systems have fixed support windows, some offer paid extended support, and some use rolling-release or channel-based models where a conventional fixed EOL date is weaker or absent. Sysdig presents a single EOL date per component for consistency across the UI and API, but the underlying lifecycle semantics may vary by vendor.
Application Runtimes
In this release, EOL coverage for application runtimes is limited to:
- Go (the Golang runtime)
Other application runtimes are not currently included in EOL coverage.
Limitations
- OS package lifecycle is not inherited from the operating system. In container images, Sysdig cannot reliably distinguish whether a package was installed from an official OS repository, a third-party repository, or a local file. As a result, packages installed through an OS package manager do not automatically inherit their operating system’s EOL date. Expect lifecycle signals for the operating system itself, but not universal coverage for every OS-managed package inside an image.
- Runtimes installed through developer tools such as asdf, mise, Homebrew, nvm, or rbenv are not in scope for EOL coverage in this release.
- Lifecycle data is enrichment, not a guarantee. Some components may have no EOL information available even within supported operating systems, for example very old releases or custom builds.
What This Release Does Not Do
- The 90-day “approaching” window is fixed in this release. It applies to both the Approaching End of Life visibility state and the Component End of Life date is within 90 days policy rule.
- It does not provide EOL-specific reporting rollups.