Vulnerability Host Scanner

This page describes how to install the Sysdig Vulnerability Host Scanner on non-Kubernetes hosts using containers. This Host Scanner is used to scan for vulnerabilities on hosts, in addition to the default runtime scanner on containers.

Prerequisites

Retrieve your access key to use for SYSDIG_ACCESS_KEY=<your-access-key>
Check your Sysdig Secure endpoint by region to use for SYSDIG_API_URL=https://<sysdig-url>
See Host Scanner installation requirements for remaining requirements.

Installation

Run the following Docker command to deploy the Sysdig Host Scanning container:

docker run --detach -e HOST_FS_MOUNT_PATH=/host -e SYSDIG_ACCESS_KEY=<access-key> -e SYSDIG_API_URL=<sysdig-secure-endpoint> -e SCAN_ON_START=true -v /:/host:ro -v /var/run:/host/var/run:ro --uts=host --net=host quay.io/sysdig/vuln-host-scanner:$(curl -L -s https://download.sysdig.com/scanning/sysdig-host-scanner/latest_version.txt)

This command will download and start the Sysdig Host Scanning container, passing in environment variables for the access key, Sysdig Secure endpoint, and other configuration options.

Replace with your agent access key, and with the URL for your Sysdig Secure endpoint by region.

Once the container is running, the scanner will begin scanning your host for vulnerabilities and providing security recommendations. You can view the results in the Sysdig Secure UI.

Results will be shown within 12 hours of installation - scans are refreshed every 12 hours.

Option: Scan for Non-Kubernetes Containers

It is possible to extend the host scanner to scan for non-Kubernetes containers such as Docker and Podman.

See Non-Kubernetes Container Scanning for details.

Next Steps

Use the Vuln Host Scanner in the Sysdig Secure UI

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.