: 30.03 Update 3 Release Notes

30.03 Update 3 Release Notes

Table of Contents

30.03 Update 3 Release Notes

The following table outlines the release particulars:
Code name
Maxwell, 30.03 Update 3
Release date
July 16, 2023
Maintenance Release
Review the system requirements to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators.


Package URL (pURL) Format Support for Vulnerabilities

Prisma Cloud now adds package URLs (pURL) for packages and vulnerabilities while scanning the images using twistcli. This helps to reliably reference the same software package using a simple and expressive syntax and conventions based on familiar URLs.
As you scan images with twistcli, you can filter the CVEs based on the pURL format in the CVE viewer.

Registry Scan Scale Support Increased to 1M Images

Registry image scan limit has been increased to 1,000,000 from 100,000 for all image types.

Support for GitLab Container Registry

Added support for scanning GitLab Container Registry without using admin credentials to manage and get a full list of all container registries/images.

New Features in Agentless Security

Scan errors visibility improvements - accounts/ region error scope

Introducing Enhanced Issue Visibility: To get the most out of agentless scanning, this update categorizes issues during the agentless scan process, provides detailed information on their nature, source, and troubleshooting steps, and offers a seamless user interface experience. Easily understand and resolve issues, improving scan coverage and streamlining your scanning process.
As a side effect, this update might display erroneous scan details, that would be auto-remediated by a maximum of 2 agentless scan cycles.

Added Support for Parallel Agentless Scans of Accounts and Regions

Added the ability for agentless scanning to scan accounts and regions within those accounts in parallel.
The changes include the following enhancements.
  • The UI shows the status of an ongoing scan for specific accounts. For example
  • You can see the general progress of an ongoing scan on the
    Compute Cloud Accounts
    page instead of in the progress bar.
  • Your hub account is treated as an account dedicated for agentless scanning, which is used only to scan other accounts, and no longer scans itself.
  • You can manage the agentless scanning configuration centrally for all target accounts in the hub account configuration. You aren’t required to duplicate the configuration across all target accounts. For example, you can set custom networking configuration only on the hub account.

New Features in Core

Improved the Syslog output to Align with the API Output

Added fields to enhance the syslog output in alignment with the the API call responses. Fields were added for container runtime audits, host runtime audits, container incidents, and host incidents.

API Changes and New APIs

Registry Settings API supports GitLab Container Registry

Starting with 30.03, you no longer need to add GitLab Container Registry through Docker V2 registry which required administrative permissions to scan all images.
You can now directly add GitLab Container Registry in the POST, settings/registry endpoint by using the new schema gitlabRegistrySpec in the request body.
To add, you must specify the following parameters:
  • version
    : Specify the value
    for GitLab Container Registry.
  • registry
    : Specify the GitLab registry URL address. Example, for native registries, you can specify the address as "https://registry.gitlab.com"
  • credentialID
    : Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has atleast the
  • gitlabRegistrySpec
    : Specify at least one of the following fields:
  • userID
    : Specify your GitLab user ID to add all registries associated with it.
  • projectIDs
    : Specify the project IDs to add all registries associated with a GitLab project.
  • groupIDs
    : Specify the group ID to add all registries associated with a GitLab group.
  • excludedGroupIDs
    : Specify the top-level group IDs that you don’t want to add.
Old (30.02 and earlier releases)
Example request body schema:
{ "version": "2", "registry": "", "credentialID": "<GitLab Token>", "repository": "library/ubuntu", "tag": "16.04", "os": "linux", "cap": 5, "scanners": 2, "collections": ["All"] }
New (in release 30.03)
Example request body schema showing
that contains the
to add and scan all registries associated with it:
{ "version":"gitlab", "registry":"https://registry.gitlab.com", "namespace":"", "repository":"", "tag":"", "credentialID":"<GitLab Token>", "os":"linux", "harborDeploymentSecurity":false, "collections":["All"], "cap":5, "scanners":2, "versionPattern":"", "gitlabRegistrySpec":{"userID":"14631394"} }

Addressed Issues

  • Fixed an issue in Azure API that left the disks created by the agentless scanning process in a dangling state once the scanner VM was terminated. With this release, the dangling disks are explicitly deleted after the agentless scanner terminates leaving no resources unattached.

Recommended For You