Skip to content

Main Menu

Contains three subsections presenting an overview of the environment, issues discovered and history trend.


The Runecast Analyzer Main Dashboard is the central page that provides a summary of your virtual environment and detected issues. Navigate to the Runecast Analyzer Web Interface URL https://<appliance IP> and login with valid credentials.


By default, the local user credentials are as follows:

  • Username: rcuser
  • Password: Runecast!

If you have configured Runecast Analyzer to use Active Directory then you can use an Active Directory account. Make sure to specify the username in one of the following formats:

  • <username>
  • <>

The Dashbaord, shows the following components for one or multiple systems, based on the selected Context:

  • Last 10 Analyses
  • Knowledge Profile Results
  • Configuration Drift
  • All Systems
  • Top Issues
  • Runecast Updated

Last 10 Analyses

Displays the evolution of all detected issues in the last ten analyses. This widget provides the option to either check the total number of objects affected or the number of issues. By clicking the Explore button, you will land in the “Detected Issues” view where you can see details for all issues.

Knowledge Profile Results

users will be able to detect at a glance the number of issues that are affecting their systems. The issues are classified by:

  • Vulnerabilities: the total number of CVEs discovered in the environment and how many of them are marked as KEVs (Known Exploited Vulnerabilities). On interaction with any of the lables, Runecast will load a filtered view depending on the selected option.
  • KB articles: the total number of applicable VMware Knowledge Base articles proactively discovered in the environment.
  • Log KBs discovered in the last 7 days: this applies to VMware environments and highlights the total number of issues related to log entries received from your ESXi hosts and VMs.
  • Compliance Profiles: easily spot the number of issues related to a specific security standard, along with the impact it has on the analyzed environments. The impact bar shows the number of failed, not answered, and passed issues.

Configuration Drift

This widget provides a quick overview of the information related to any configuration drift in the last two analyses. Hover the mouse over the icons to get detailed information related to the configuration changes made on the selected system(s).

All Systems

Provides rapid access to an overview of each of the systems in the current context. For vCenter Server systems, this widget also shows the number of both incompatible and compatible hosts, providing more context to hardware compatibility information.

Top Issues

This widget highlights the most critical issues discovered in the last two analyses and those that are newly discovered. Users can click on them to check the details of each issue and the systems affected.

Runecast Updated

Shows a summary of the last applied update. It includes links to the user guide when any action is required.


Browse through your virtual infrastructure objects hierarchically using the Inventory feature located in the left side of the page. The number of detected issues is shown alongside inventory objects in the tree-view structure. Click on an object to open a detailed list of associated issues. The new list will display on top, apart from the object name, multiple filters to customize it but also a search box and an Export button. To see additional details, select any of the displayed issues by clicking on it. Another section will be revealed presenting information regarding findings, description, notes. Use the Ignore button if you want to filter out the current issue against the selected inventory object.


In rare cases, due to permissions inconsistency, it may not be possible to place some analysis objects under their respective parent objects. In such cases, they can be found under the auto generated folder called Orphaned objects in the root of the system inventory tree.

Detected Issues

This view combines all types of detected issues into a single chart and table. By default, the list of current issues (at the last scan) is displayed. This view can be customized by using filters and/or selecting previous scans.

A set of quick filters at the top of the page provides the possibility to filter the data displayed. The list of filters applied is displayed directly on the dropdown button label. Filters are applied to the history chart and to the list of results. Two other features are found at the top-right. The Search bar gives the possibility to search for text in Title. The Export button provides the option to export the Result table in different formats (PDF or CSV). If selected, the option Includes Affected Objects with Findings will output each affected object together with low-level results for their specific findings.

The history chart is provided to visualize issue levels or objects number over the last ten scans. Use one of the two view types (Objects or Issues) to switch to the desired view. Each scan is represented by a bar, which will display additional information (date and hour of the scan and the number of issues found) when the user hovers over it.

Compare Analyses

The All Issues View page is an entry point to perform a comparison between any two analyses. To do so:

  1. Click on the Compare Analyses button
  2. Select desired analyses for comparison - by default the latest and the one before it are pre-selected
  3. Click on the Compare button
  4. You can see differences between both analyses for each issue
  5. Click on any issue in the comparison list in order to see a complete list of all objects and their states in both analyses
  6. From the top of the page you can change the analyses to compare or close the comparison page

Image Scanning

When at least one Kubernetes cluster is connected to Runecast Analyzer the Image Scanning option will appear in the menu. This functionality allows you to scan container images on-demand and also use it as a webhook for kubernetes admission controller configuration.

Supported image repositories

If an image is specified without a full URL to its location it will be pulled from repository.

Other supported container image reposiories are:

  • Non-authenticated repositories
  • Custom CA signed repositories need to have the certificate trust added to the Runecast Analyzer appliance

Manual scan

Click on the Scan image button, provide a container image name and confirm your action with the Scan button in the dialog.


Optionally, select an admission policy that will be evaluated as part of the image scan. The policy evaluation result will appear in the main table and also in the scan details modal.

Select a scan from the main table to review the result details. The modal displays found vulnerabilities and also general image configuration.

Kubernetes integration

Runecast Analyzer provides an API endpoint which can be used as a webhook in a Kubernetes admission controller configuration:


where, the {policyId} is the ID of one of the predefined admission policies.

As any other endpoint in Runecast Analyzer, the request has to be authenticated. Make sure to generate an API Access token of access type Global Admin and configure the Kubernetes admission controller to use bearer token type of authentication for the webhook.

The response from the API endpoint will either allow or deny deployments based on the selected policy. Image scans triggered via kubernetes admissions controller are also visible in the Runecast Analyzer Image Scanning UI. They can be easily discovered based on the Trigger type column data.

To find out more on how to configure Runecast as a Kubernetes validating webhook including step-by-step guide, please see the Kubernetes Integration Examples chapter.

Public API

It's possible to trigger a scan of one or multiple images via the Runecast public API.

curl -X POST -H "Authorization: <your API token>" -H "Content-Type: application/json;charset=UTF-8" https://<appliance IP>/rc2/api/v2/images-scan-requests -d '{"imageNames": ["<image1>","<image2>"],"policyId": 1}'


The policyId parameter in the payload is optional and if specified the scan result will be evaluated against the selected predefined admission policy.

The result of the above API request will look like the following:

    "imagesScanId": 454,
    "imageNames": [
    "policyId": 1,
    "scanResultCompliesWithPolicy": false
The information available in the response can already be used to make decisions if the endpoint, for example, is part of a deployment pipeline. Additionally, using the imagesScanId a further API call can be made to get the complete results:

curl -X GET -H "Authorization: <your API token>" -H "Content-Type: application/json;charset=UTF-8" https://<appliance IP>/rc2/api/v2/images-scans/{imagesScanId}

The response of the above API request will contain detailed information about the overall status and also for each image scanned.

Scans triggered via the public API will be visible in the UI as API trigger type.

Admission policies

Runecast Analyzer comes with a predefiend set of admission policies that can be used to evaluate the result of an image scan. They can be used as part of the manual image scan or via the webhook used in the kubernetes admission controller.