
FAQs - Agentless Workload Scanning

BETA FEATURE

This topic describes functionality that is currently in beta.

Which cloud providers are supported for agentless scanning?

Currently, Lacework supports agentless scanning on AWS only. It will be supported on GCP for GA (and Azure sometime after that).

Which operating systems are supported for agentless scanning?

See Supported Operating Systems.

What container image formats are supported by agentless?

See Supported Container Image Formats.

Which file systems are supported for agentless scanning?

See Supported File Systems.

See Supported Language Libraries and Package Managers.

What is the minimum CPU and memory required for agentless scanning?

Agentless scanning does not require CPU and memory from your active workloads. It uses its own serverless cluster and configures its own CPU and memory limits that are optimized for cost-savings.

What is the maximum supported volume size for agentless scanning?

There is no limit on the volume size.

Is scanning supported for a specific type of workload?

You can specify a Lacework Query Language (LQL) query to select or filter workloads when you configure or edit your agentless workload scanning integration in the Lacework console at Settings > Integrations > Cloud accounts.

In the future, we plan to support example queries for targeting tags and other types of identifiers.

Does agentless scanning support container vulnerabilities?

Yes, any container images located on your cloud resources (such as running EC2 instances) are scanned for vulnerabilities.

This only applies to Agentless integrations with the Scan containers option set to true.

How can I change the agentless scanning frequency?

  1. In Settings > Integrations > Cloud accounts, select your agentless scanning integration. This displays the details of the integration.
  2. Click the Edit button.
  3. Change the frequency in the Scan Frequency (hours) field.
Note: More frequent scans can result in higher AWS costs for snapshotting and periodic scanning.

How can I view the host scan results?

  1. Select Vulnerabilities > Hosts to view host vulnerabilities in your environment.
  2. Apply the Collector Type: Agentless filter (when Group by Host is active) to view host scan results from agentless workload scanning integrations.

How can I view the container scan results?

  1. Select Vulnerabilities > Container to view container vulnerabilities in your environment.
  2. Apply the Scanner Type: Agentless filter (when Group by Image ID is active) to view image scan results from Agentless Workload Scanning integrations.

Does agentless scanning detect active container images?

No, Agentless scanning does not currently detect whether your container images are active or not.

Lacework will detect active images on a host if you have an Agent installed.

Does agentless scanning on container images detect host operating system kernel packages?

Yes, Agentless scanning currently detects vulnerabilities on host operating system kernel packages.

This is different to regular container scanning (through Platform, Proxy, or Inline Scanners) where these packages are excluded from scans.

How do I upgrade the agentless scanning service?

Agentless scanning is a SaaS feature. As such, upgrades are automatic.

What is the default agentless scanning frequency?

The default scanning frequency is defined when configuring the Agentless Workload Scanning integration in the Lacework Console.

Hosts and Container images are assessed for vulnerabilities every 24 hours, so increasing the scanning frequency beyond that is not currently recommended.

Does agentless scan Kubernetes persistent volumes?

No, agentless does not yet scan persistent volumes in Kubernetes, namely those volumes tagged with kubernetes.io/created-for/pv/name.

What volumes does agentless scan on a host?

Agentless only scans the root volume of a host for vulnerabilities.
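
The two volume answers above (root volume only, no Kubernetes persistent volumes) imply a coverage gap that can be enumerated from EC2 metadata. The following is an added example, not Lacework code: it classifies attached EBS volumes from data shaped like `aws ec2 describe-instances` and `aws ec2 describe-volumes` output. The sample IDs are constructed, `classify_volumes` is a hypothetical helper name, and the instance is assumed to be in scope of the integration.

```python
"""Classify attached EBS volumes by agentless scan coverage, per this FAQ."""

PV_TAG = "kubernetes.io/created-for/pv/name"  # tag key quoted in the FAQ

# Constructed sample data shaped like `aws ec2 describe-instances` and
# `aws ec2 describe-volumes` responses (all IDs are made up).
INSTANCES = {"Reservations": [{"Instances": [{
    "InstanceId": "i-0aaa000000000001",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0root0000000001"}},
        {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-0data0000000001"}},
        {"DeviceName": "/dev/xvdg", "Ebs": {"VolumeId": "vol-0k8spv00000001"}},
    ],
}]}]}
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0root0000000001", "Tags": [{"Key": "Name", "Value": "web-1"}]},
    {"VolumeId": "vol-0data0000000001"},  # untagged: the "Tags" key is absent
    {"VolumeId": "vol-0k8spv00000001",
     "Tags": [{"Key": PV_TAG, "Value": "pvc-example"}]},
]}


def classify_volumes(instances, volumes):
    """Return {volume_id: (instance_id, status)} for every attached EBS volume."""
    # Volumes carrying the Kubernetes PV tag are not scanned, whatever the device.
    pv_ids = {
        v["VolumeId"] for v in volumes["Volumes"]
        if any(t["Key"] == PV_TAG for t in v.get("Tags", []))
    }
    result = {}
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            root = inst.get("RootDeviceName")
            for bdm in inst.get("BlockDeviceMappings", []):
                vol_id = bdm.get("Ebs", {}).get("VolumeId")
                if vol_id is None:  # mapping without an EBS volume: skip it
                    continue
                if vol_id in pv_ids:
                    status = "not scanned: Kubernetes persistent volume"
                elif bdm["DeviceName"] == root:
                    status = "scanned: root volume"
                else:
                    status = "not scanned: non-root volume"
                result[vol_id] = (inst["InstanceId"], status)
    return result


if __name__ == "__main__":
    for vol, (inst, status) in classify_volumes(INSTANCES, VOLUMES).items():
        print(f"{inst}  {vol}  {status}")
```

Volumes reported as not scanned need another control, such as an installed agent, if their contents must be assessed for vulnerabilities.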

Which storage drivers for Docker are supported by agentless?

Currently, only the recommended storage driver (overlay2) is supported for Docker container images.