Merge pull request #250180 from tspivakms/patch-40

prmerger-automator[bot] · web-flow · commit 2ceeec774186 · 2023-09-06T12:01:36.000Z
Update agentless-container-registry-vulnerability-assessment.md
diff --git a/articles/defender-for-cloud/agentless-container-registry-vulnerability-assessment.md b/articles/defender-for-cloud/agentless-container-registry-vulnerability-assessment.md
@@ -38,16 +38,22 @@ Container vulnerability assessment powered by MDVM (Microsoft Defender Vulnerabi
 
 The triggers for an image scan are:
 
-- **One-time triggering** – each image pushed or imported to a container registry is scanned shortly after being pushed or imported to a registry. In most cases, the scan is completed within a few minutes, but sometimes it may take up to an hour.
+- **One-time triggering**:
+  - each image pushed or imported to a container registry is scanned after being pushed or imported to a registry. In most cases, the scan is completed within a few minutes, but sometimes it may take up to an hour.
+  - [Preview] each image pulled from a registry is triggered to be scanned within 24 hours.
 
   > [!NOTE]
-  > While Container vulnerability assessment powered by MDVM is generally available for Defender CSPM, scan-on-push is currently in public preview.
+  > While Container vulnerability assessment powered by MDVM is generally available for Defender CSPM, scan-on-push and scan-on-pull is currently in public preview.
 
 - **Continuous rescan triggering** – Continuous rescan is required to ensure images that have been previously scanned for vulnerabilities are rescanned to update their vulnerability reports in case a new vulnerability is published.
   - **Re-scan** is performed once a day for:  
-    - images pushed in the last 90 days.  
+    - images pushed in the last 90 days.
+    - [Preview] images pulled in the last 30 days.
     - images currently running on the Kubernetes clusters monitored by Defender for Cloud (either via [agentless discovery and visibility for Kubernetes](how-to-enable-agentless-containers.md) or the [Defender agent](tutorial-enable-containers-azure.md#deploy-the-defender-agent-in-azure)).
 
+  > [!NOTE]
+  > While Container vulnerability assessment powered by MDVM is generally available for Defender CSPM, scanning images pulled in the last 30 days is currently in public preview
+  
 ## How does image scanning work?
 
 A detailed description of the scan process is described as follows:
@@ -63,7 +69,7 @@ A detailed description of the scan process is described as follows:
 - For customers using either [agentless discovery and visibility within Kubernetes components](concept-agentless-containers.md) or [inventory collected via the Defender agent running on AKS nodes](defender-for-containers-enable.md#deploy-the-defender-agent), Defender for Cloud also creates a [recommendation](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_CloudNativeCompute/ContainersRuntimeRecommendationDetailsBlade/assessmentKey/c609cf0f-71ab-41e9-a3c6-9a1f7fe1b8d5) for remediating vulnerabilities for vulnerable images running on an AKS cluster.
 
 > [!NOTE]
-> For Defender for Container Registries (deprecated), images are scanned once on push, and rescanned only once a week.
+> For Defender for Container Registries (deprecated), images are scanned once on push, on pull, and rescanned only once a week.
 
 ## If I remove an image from my registry, how long before vulnerabilities reports on that image would be removed?
 
