Prisma Cloud Compute Known Issues
Review the list of known and addressed issues and deprecation notice for the Compute capabilities on Prisma Cloud Enterprise Edition.
The following table lists the known and addressed issues on Compute capabilities on Prisma Cloud Enterprise Edition.
The list of addressed issues are not cumulative; only the issues that are fixed with the last published release are included here.
Issue ID | Description |
Fixed in 30.01.152 | Addressed an issue that caused the Console to be unresponsive when a database restore was unsuccessful. With this fix, when the database restore fails, Console reverts the changes and falls back to the database state before the restore was initiated. |
Fixed in 30.01.152 | Fixed incorrect CVE matching to the base layer for the binaries installed without a package manager.
There are differences in the results between an image created by Dockerfile and an image pulled by the registry. The vulnerabilities scan results attribute correctly to the base layer for the images built from a Dockerfile. |
Fixed in 30.00.140 | False "Passed" result caused when both alert threshold and failure threshold are off, with exceptions for specific CVEs.
With this fix, exceptions set to fail now fail as expected, even when the thresholds are off. |
Fixed in 30.00.140 | App-embedded Defender scan results display the removed or disconnected instances of the images. |
Fixed in 30.00.140 | Missing Vulnerabilities of JARs on non-Maven Packages. |
Fixed in 30.00.140 | Missing paths for Ruby packages in the scan results.
With this fix, the package path in Monitor > Vulnerabilities/Compliance > Images helps you identify where the package is installed in your environment. |
Fixed in 30.00.140 | Missing Vulnerabilities for Oracle Linux. |
PCSUP-9241 Fixed in 30.00.140 | For the AWS US Gov region, alerts are not forwarded successfully to the AWS Security Hub integration.
With this fix, the correct AWS product ARN for US and China regions are used. |
PCSUP-11309 | The --tarball option in twistcli does not scan for compliance checks. Currently, only vulnerabilities are detected successfully. |
— | Windows hosts running Defender are reported as unprotected. This issue occurs when Defender is installed on Windows hosts in AWS and Cloud Discovery is configured to scan your environment for protected hosts. |
— | If you have the same custom compliance rule in use in a host policy (effect: alert) and a container policy (effect: block), the rules will enforce your policy (as expected), but the audit message for a blocked container will incorrectly refer to the host policy and host rule name. |
— | On the Radar Containers Non-cluster containers . |
— | A 404 Not Found error is displayed when performing a sandbox image analysis using older version of twistcli, such as v22.06, with the 22.12 console. |
PCSUP-12197 | For an application that originates from an OS package, the vulnerability data for CVEs is sourced from the relevant feed for the OS package. In some cases, like with Amazon Linux and Photon OS, this CVE information is provided in security advisories such as Amazon Linux Security Advisories (ALAS) for Amazon, and PHSA for Photon. In such cases, the correlation for the relevant vulnerabilities is limited. As an example, when the application “python” is sourced from an Amazon Python package, CVEs found for the python application (as a binary) will not be correlated with the relevant Amazon CVEs from the ALAS. |
- | A 404 Not Found error is displayed when performing a sandbox image analysis using older version of twistcli, such as v22.06, with the 22.12 console. |
- | The API endpoints discovered on App-embedded deployments are missing workload values and show zero vulnerabilities, although the protected workload has vulnerabilites. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
