Cisco Panoptica Deployers are components that integrate with upstream CD applications (such as Helm) to provide image scan information to Panoptica about your workloads before they are deployed to your managed environments. Panoptica uses this information in CD policies to determine whether workloads can be deployed on your environments.

Panoptica has the following deployers:

  • Panoptica deployers - these are plugins for CD applications. You download them from Panoptica and deploy to your CD application. They scan images at the CD stage, and send the information to Panoptica, where results are displayed, and used in policies. You can deploy these deployers to CD apps feeding any of your managed environments.
  • Operator deployers - these are connected to clusters, using Kubernetes service accounts, and scan images as they are deployed on the cluster. Results are sent to Panoptica, where they are displayed, and used in policies (to control deployment). These are suitable for environments using Gitops methodology.


  • Gain upstream visibility into workloads at the CD stage, before they are deployed to production clusters; you can see vulnerabilities and other findings in the image
  • Apply Panoptica protection to workloads automatically from the moment of deployment
  • Prevent deployment of vulnerable or risky workloads on your production environments by creating Panoptica Policies based on these deployments

Deployer Types

You can create and deploy the following deployers.

Panoptica Deployers

These deployers are associated with upstream Panoptica CD plugins that are downloaded & installed from the Plugins page in the Development page (see CI/CD plugins). The association is made using a Panoptica Service Account, which is common to both the deployer and the Plugin.
The scope of the Deployer is any Panoptica environment, whether a cluster, a group of clusters, or a namespace. The Deployer has visibility of all images prepared by any of the associated upstream plugins.

Kubernetes Operators

These deployers are associated with a single Kubernetes cluster in your environment, and use a Kubernetes Service Account. They have visibility of all images deployed on the cluster.

Use Deployers in Policies - CD Scan Policies

You can use deployers in CD Scan Policies to select images on which the policy will be applied. These policies scan the selected images, and either detect or block them from being deployed on your environments if they have specific risks.