Cisco Panoptica scans the nodes and pods running in your clusters, and the images in them, and shows vulnerabilities discovered them. This is a runtime snapshot of the the vulnerabilities detected in workloads actually running in an environment.

Runtime Vulnerability Scan

The Runtime Scans view shows a list of your clusters. For each, it shows a summary of vulnerabilities found in any image in any pod in the clusters.

Run a scan

Click SCAN NOW or RESCAN to start a scan on a cluster.

Select the namespaces in the cluster to be scanned (by default, all namespaces are scanned).
Select the number of scans to be done in parallel (this will speed up the process, but apply a greater processing load)
Select the minimum severity level to be reported. Severities below this level will not be included in the scan results.
Select whether to run Docker CIS Benchmark scans.
Select when the scan will be run: now, later (a fixed time), or repeatedly (and set the repetition period).
Click SAVE to save the details, and run the scans at the selected times, or SAVE AND SCAN NOW to run the scan now.

After the scan is run, the results in the view will be updated.

Analyse scan results

Click ">" for a cluster in the list to show more detail for the most recent runtime scan on a cluster.

Details for the scan are shown. Each pod in the cluster is shown and, for each, the images running on it. The summary of vulnerabilities for the pod (that is, all images running on the pod) are shown.

Click on an image to show the specific vulnerabilities found in it. Each vulnerability in the list is a link to more detail.

Image layers

You can see details for the layers in an image. Select the IMAGE LAYERS tab in the detail for an image. This shows the vulnerabilities in each layer.

Expand this to show individual vulnerabilities in each layer.