Scanning Alma Linux

Is anybody be able to get some results from an authenticated AlmaLinux scan at the moment?
I also can’t find some vuln’s in the database related to AlmaLinux.

We have a few Alma Linux servers which are scanned by agent and infra scanner, we see very little on those related to the OS.

I have requested via support that they support this distro

1 Like

Same thing with Rocky Linux. I have opened a ticket back in Dec and also contacted our rep, they have said that it’s in the pipeline of things to do but they wouldn’t comment on when they would do it.

Considering CentOS is dead and enterprise customers are moving to Alma and Rocky, you would think they would get this done asap. All our other vendors have implemented the change pretty quickly.

Now insightvm can scan Alma linux

It’s always been able to scan Alma and Rocky, the issue is the results are incomplete. I have RHEL8, CentOS 8, Rocky 8, and Alma 8 in vm’s being scanned by InsightVM/Nexpose and they should all have the same results, but they don’t. RHEL8 and CentOS 8 are the same (~13k), Rocky and Alma (~2k). All the same packages, patches, configurations, etc.

Indeed, it sees “some” vulnerabilities, but not the vulnerable packages like it doesn’t with RHEL and CentOS. That means the InsightVM scans are useless.