Scan reports

Prisma Cloud scans all Docker images on all hosts that run Defender. After Defender is installed, it automatically starts scanning images on the host. After the initial scan, subsequent scans are triggered:
  • Periodically, according to the scan interval configured in Console. By default, images are scanned every 24 hours.
  • When new images are created, pushed, or pulled onto the host.
  • When images change.
  • When scans are forced with the Scan button in Console.
Defender scans Docker images for:
  • Published Common Vulnerabilities and Exposures (CVEs).
  • Vulnerabilities from misconfigurations.
  • Malware.
  • Zero-day vulnerabilities.
  • Compliance issues.
  • Secrets.
The Prisma Cloud Intelligence Stream keeps Console up to date with the latest vulnerabilities. The data in this feed is distributed to your Defenders, and employed in subsequent scans.
Through Console, Defender can be extended to scan images for custom components. For example, you can configure Defender to scan for an internally developed library named libexample.so, and set a policy that blocks a container from running if version 1.9.9 or earlier of that library is installed. For more information, see Scanning custom components.
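The block rule above compares an installed version against a threshold, and the usual mistake when modelling such a rule is comparing version strings lexically (which ranks "1.10.0" below "1.9.9"). The following is an added example, not Prisma Cloud's own policy engine: it evaluates the hypothetical "libexample.so at 1.9.9 or earlier" rule against a component inventory, with the component name, versions and rule taken from the paragraph as illustrative assumptions.

```python
"""Model of a custom-component block rule (added example, not Prisma Cloud code).

Assumptions: the component is reported as a name -> version mapping, and the
rule is 'block if libexample.so is at version 1.9.9 or earlier'.
"""
import re


def version_key(version):
    """Split '1.10.2' into (1, 10, 2) so comparison is numeric, not lexical.

    A plain string comparison would wrongly rank '1.10.0' below '1.9.9'.
    Non-numeric suffixes (e.g. '-rc1') are ignored for this illustration.
    """
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_blocked(found_version, max_blocked="1.9.9"):
    """True when the found version is at or below the blocked ceiling."""
    return version_key(found_version) <= version_key(max_blocked)


def evaluate(components, name="libexample.so", max_blocked="1.9.9"):
    """Apply the rule to a scan result; returns (block, reason).

    `components` is a constructed {component name: version} inventory such as
    a scan would report; an absent component never triggers the rule.
    """
    found = components.get(name)
    if found is None:
        return False, f"{name} not present"
    if is_blocked(found, max_blocked):
        return True, f"{name} {found} is <= {max_blocked}: block"
    return False, f"{name} {found} is > {max_blocked}: allow"


if __name__ == "__main__":
    # Constructed inventories, not real scan output.
    for inv in ({"libexample.so": "1.8.0"}, {"libexample.so": "1.10.0"}, {}):
        print(evaluate(inv))
```

Note that `"1.10.0" < "1.9.9"` is True as a string comparison, which is exactly why the tuple key is used; when you write your own tooling around custom-component findings, compare versions numerically or with a dedicated version-parsing library.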

View image scan reports

Review the health of all images in your environment.
Sorting the table by vulnerability severity is based on data from the last scan. If you update your vulnerability policy with a different alert threshold, rescan your images if you want to be able to sort based on your new settings.
  1. Open Console, then go to Monitor > Vulnerabilities > Images.
    The table summarizes the state of each image in your environment.
    All vulnerabilities identified in the last image scan can be exported to a CSV file by clicking the CSV button in the top left of the page.
    When the same image ID appears with different tags on different hosts, the table shows one row for that image and collapses the additional tags to +<Num> in the Tag column, as can be seen in the screenshot below.
  2. Click on an image report to open a detailed report.
  3. Click on the Vulnerabilities tab to see all CVE issues.
    CVE vulnerabilities are accompanied by a brief description. Click Show details for more information, including a link to the report on the National Vulnerability Database.
    The Vendor Status column contains terms such as 'deferred', 'fixed in…​', and 'open'. These strings are imported directly from the vendors' CVE databases. They are not Prisma Cloud-specific.
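Once the report is exported to CSV, the same grouping the table performs (one row per image ID, extra tags shown as +<Num>, ordered by worst severity at or above the policy's alert threshold) can be reproduced offline, which is useful for tracking images across scans. The following is an added example and not Prisma Cloud code: the column names (Image ID, Tag, Host, CVE, Severity, Vendor Status) are an assumed layout for illustration, so check the header of a real export and adjust them, and the sample rows are constructed rather than real scan data.

```python
"""Summarize an image-vulnerability CSV export (added example, not Prisma Cloud code).

Assumptions: the export has the columns named in SAMPLE_CSV's header; adjust
the column names if a real export differs. The rows are constructed sample data.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export with an assumed column layout.
SAMPLE_CSV = """\
Image ID,Tag,Host,CVE,Severity,Vendor Status
sha256:aaa,registry.example/app:1.0,host-1,CVE-2021-0001,high,fixed in 1.2.3
sha256:aaa,registry.example/app:latest,host-2,CVE-2021-0001,high,fixed in 1.2.3
sha256:aaa,registry.example/app:prod,host-3,CVE-2021-0002,low,open
sha256:bbb,registry.example/db:9,host-1,CVE-2021-0003,critical,deferred
sha256:ccc,registry.example/web:2,host-2,CVE-2021-0004,medium,open
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_report(text):
    """Parse the CSV export into a list of row dicts keyed by header name."""
    return list(csv.DictReader(io.StringIO(text)))


def tag_label(tags):
    """Render the first tag plus '+<Num>' for the rest, as the Console table does."""
    tags = sorted(set(tags))
    if len(tags) == 1:
        return tags[0]
    return f"{tags[0]} +{len(tags) - 1}"


def summarize(rows, threshold="medium"):
    """Group rows by image ID and sort by the worst finding at or above `threshold`.

    Findings below the threshold are left out of the count and the ranking,
    which is why re-sorting after changing the alert threshold needs fresh data.
    """
    min_rank = SEVERITY_RANK[threshold]
    by_id = defaultdict(lambda: {"tags": set(), "hosts": set(), "cves": {}})
    for r in rows:
        entry = by_id[r["Image ID"]]
        entry["tags"].add(r["Tag"])
        entry["hosts"].add(r["Host"])
        rank = SEVERITY_RANK[r["Severity"].strip().lower()]
        if rank >= min_rank:
            # One CVE can appear on several hosts; count it once per image.
            entry["cves"][r["CVE"]] = max(rank, entry["cves"].get(r["CVE"], 0))
    out = []
    for image_id, e in by_id.items():
        out.append({
            "image_id": image_id,
            "tag": tag_label(e["tags"]),
            "hosts": len(e["hosts"]),
            "worst_rank": max(e["cves"].values(), default=0),
            "cve_count": len(e["cves"]),
        })
    out.sort(key=lambda x: (-x["worst_rank"], x["image_id"]))
    return out


if __name__ == "__main__":
    for row in summarize(parse_report(SAMPLE_CSV)):
        print(row)
```

Run it against a real export by replacing SAMPLE_CSV with the file contents; the `threshold` argument plays the role of the policy's alert threshold, and changing it changes both the per-image count and the sort order.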