Configure Agentless Scanning

Agentless scanning provides visibility into vulnerabilities and compliance risks on hosts. Agentless scanning enables you to see the images present on the hosts and the Docker daemon configuration for your accounts with the following cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). On Linux VMs, agentless scanning provides insight into whether the Linux distribution requires security updates to address known vulnerabilities. This feature also ensures you have visibility into pending operating system security updates.
Under Manage > Cloud accounts, you can configure agentless scanning for your AWS, Azure, and GCP accounts, manage their credentials in the Cloud Accounts page, and enable other features: cloud discovery, VM tags discovery, and serverless radar. To set up agentless scanning for your accounts, you have the following alternatives.
Use the Cloud Account Manager user role to grant full read and write access to all cloud account settings. This role can manage credentials, change the agentless scanning configuration, and edit the Cloud Discovery settings.
By default, configured scans are performed every 24 hours, but you can change the scanning interval during configuration under Manage > System > Scan. Change the agentless scanning interval under Scheduling > Agentless.
image::agentless-interval.png[width=800]
You can check if there are any pending OS security updates for Linux VMs under Monitor > Compliance > Hosts > VM images.
To trigger a global scan, click the Trigger scan dropdown and select the Start agentless scan option on the Cloud accounts page.