I know the vulnerability information is a work in progress, but does anyone know why ubuntu hosts appear to be reported on, but plain old debian does not? Just curious.

Does the software inventory for the debian host show up? Was it recently added when you checked that? The vulnerability matching runs on an interval, so it's possible it had not yet run.

I have had them all registered and online for about a week? (First with orbit, now using plain osquery.) But I will keep watching.

That should be long enough. Do you have the software inventory for the Debian host?

None of the debian hosts are listed in the "Software" area of the main page -- I am assuming this is what you mean when you are referring the software inventory? (I can do deb_packages searches for all hosts.)

If you go to the "details" page for one of those hosts is there any software table?

No, just for the Ubuntu hosts

What Debian version are you using? I'd like to try to reproduce this locally.

online Debian GNU/Linux 10.0.0 5.0.1

Click the avatar in the top right then go to account settings

Sorry for the lag; I was looking through the docker logs 🙂 Fleet 4.6.0 • Go go1.17.2

Okay thank you for all that. It seems I can reproduce the missing software inventory on Debian hosts locally.

OK! 🙂

(This week)

Well thanks for the super helpful responses

Thanks for the report!