Product News
Security and Compliance
ISO 27001
In this article:

We're excited to share that the latest Runecast 6.6 introduces two major milestones – not just for us, but mainly for you, our users.

The first is designed to streamline operating system security by introducing an agentless vulnerability scanning feature for all your AWS EC2 Linux instances.

The second is for anyone who needs to reduce an organisation's IT burden by offloading infrastructure management, maintenance, and security responsibilities to the service provider: Runecast SaaS.   

Additionally, our team have released further usability improvements, that help prioritise important information within the dashboard, and added new coverage for ISO 27001 for Microsoft Azure, as well as all Ubuntu CVEs dating back to 2020.

Read on to discover the highlights of this new platform release and learn how you can benefit from its latest improvements.

Agentless Vulnerability Scanning for AWS

Runecast 6.6 introduces agentless vulnerability scanning for Amazon Web Services (AWS). This new capability is designed to streamline OS security by introducing an agentless vulnerability scanning feature for AWS EC2 Linux instances. This makes vulnerability scanning particularly feasible for dynamic cloud environments, where deploying and updating agents can be burdensome. 

With version 6.6, Runecast allows users to perform vulnerability scans across all their Linux EC2 instances without the need to install agents. This not only simplifies the setup and scanning process, but also reduces the overhead associated with managing agents and any potential performance issues.

Agentless scanning in RCA
Agentless scanning Setup

Agentless vulnerability scanning significantly enhances visibility into operating system security, as this scanning method dramatically increases the number of discoverable vulnerabilities, providing a more comprehensive understanding of potential security risks.

Moreover, security and ease-of-use are at the forefront with the newly added role-based authentication for AWS accounts. By utilising AWS’s Identity and Access Management (IAM), Runecast ensures that only authorised users can perform scans, making the setup more secure and streamlined.

 IAM authentication
Authentication using IAM Role

Agentless AWS vulnerability scanning can be performed in the new Runecast SaaS offering.

Introducing Runecast SaaS

Deploying a SaaS version of Runecast reduces organisations IT burden by offloading infrastructure management and for this release, opens up a possibility for agentless AWS vulnerability scanning. Anyone can request Runecast SaaS from the portal, and perform agentless vulnerability scanning across AWS EC2 Linux instances.

Portal highlighting the Try Runecast SaaS button
Launching Runecast SaaS from Runecast Customer Portal

Runecast SaaS provides the advantage of scalability without the need for complex infrastructure management. Easily scale your resources up or down as your business requirements change, ensuring optimal performance and avoiding the hassle of hardware procurement and upgrades.

Users can connect AWS, Microsoft Azure, or Google Cloud (services which we support in our on-premises version as well) via API and scan for potential vulnerabilities, compliance violations and more. For Kubernetes scanning with Runecast SaaS, users will need to enable public access for the API, for example where K8s is deployed on AWS.

Runecast SaaS interface
Runecast SaaS interface

There is currently no difference in the licensing – our standard subscription licence covers all the systems.

Quick Access to Image Scan Results

In the world of containerization and microservices, quick access to critical data is paramount. Runecast’s version 6.6 introduces the ability to access container image scan results via its URL, through the Runecast API or Kubernetes Admission Controller. This eliminates the cumbersome step of manually selecting the organisation and facilitates seamless navigation to the relevant data.

Additional Usability & Content Improvements

Usability Enhancements

Runecast 6.6 ensures that you’re always in the loop. The platform now highlights failed analyses and expiring licences, ensuring that these critical pieces of information do not slip through the cracks. This enhancement is aimed at improving your overall experience and allowing you to make informed decisions in a timely manner.

Content Expansion

With Runecast 6.6, there’s a notable expansion in content coverage. The ISO 27001 profile, a well-established framework for information security management systems, now extends its coverage to Microsoft Azure. This is a boon for organisations leveraging Azure, as it enables them to maintain compliance with international standards more efficiently.

Additionally, Runecast has included all Ubuntu Common Vulnerabilities and Exposures (CVEs) dating back to 2020. This enables users to obtain comprehensive insights into potential vulnerabilities, making it much easier to harden security on any Ubuntu appliances.

Your security is our priority, so we're adding new knowledge definition updates, including checks for CVEs, VMSAs and other types of critical vulnerabilities to Runecast on bi-weekly basis. For more details on what we've released in the recent updates, please check the release notes.


Runecast version 6.6 is a testament to our commitment to innovation, security, and usability. With its agentless vulnerability scanning for AWS, quick access to container image scans, usability improvements, and content enhancements, this release simplifies the process of identifying and quickly addressing discovered issues.

Harness the power of Runecast 6.6 to optimise your operations, bolster security, and ensure compliance across hybrid cloud environments.

Meet other Runecasters here:

Experience agentless vulnerability scanning today

AI-powered vulnerability assessment and management in a few clicks

Explore now