CIS Scans not starting


Running Rancher v2.4.5 and when initiating CIS scans, the UI shows the scan in a “Running” state, however, none of the pods in the ‘security-scan’ namespace is deployed.

$ kubectl get all -n security-scan
No resources found in security-scan namespace.

This occurs for all clusters I’ve tested so far. All clusters (incl Rancher) are all on-prem and these scans worked previously.
Any tips on where to start the troubleshooting?

@smitphilip can you check whether the CIS App has been deployed successfully on your cluster? It would also be great if you could provide us the Rancher Logs around the time you installed CIS so we can make sure all of the CIS components installed as expected.

If this is an upgrade issue (e.g. you installed CIS in a previous version of Rancher successfully and were able to run scans before upgrading to Rancher 2.4.5), please open an issue with us at so we can try to reproduce it based on your environment details.

@smitphilip Most likely an issue with Rancher trying to deploy the helm chart for starting CIS pods, would be helpful to check the rancher logs. Also a quick check would be to deploy any app on this cluster from catalogs - does that work?

Thanks. I was able to find some logs in the apps page.The issue was an expired cert which caused apps to fail on installation