After you’ve created a policy, you can run an assessment that scans the targeted assets against the latest advisories.

SaltStack SecOps Vulnerability scans for available packages that can repair vulnerabilities identified by the advisory.
Note: After initial installation, SaltStack Config takes about 15-20 minutes to ingest vulnerability content. For best results, wait at least 20 minutes after installing SaltStack Config before you run your first vulnerability scan. For more information, see Using the vulnerability library.

From the vulnerability workspace, you can run assessments from one more policies at once by clicking the checkboxes next to each policy and clicking Run assessment.

To view policy details and then run assessment on a single policy:


Before you can run a vulnerability assessment, you must have an existing vulnerability policy. For more information, see How do I create a vulnerability policy.


  1. In the Vulnerability workspace, select a policy to open the policy's dashboard.
  2. In the policy dashboard, click Run assessment and then click Run assessment in the confirmation dialog box.


SaltStack SecOps Vulnerability scans your system against the latest advisories. During assessment, no changes are made to any of your systems. After the assessment is complete, you can remediate any advisories. You can view the status of current or past assessments by clicking a policy in the Vulnerabilty workspace and the clicking on the Activity tab. The results page lists all queued, in progress, and completed scans.

What to do next

You can view your assessment results on the policy dashboard. To sort your results by node, click the Minions tab. If desired, you can download the assessment report in JSON format by clicking Report > Download > JSON from the policy dashboard.