diff --git a/backend/pkg/k8s/cilium-scanner.go b/backend/pkg/k8s/cilium-scanner.go
index 6a761d9..bd7acf4 100644
--- a/backend/pkg/k8s/cilium-scanner.go
+++ b/backend/pkg/k8s/cilium-scanner.go
@@ -189,6 +189,10 @@ func determinePodCoverage(clientset *kubernetes.Clientset, nsName string, polici
 	}
 
 	for _, pod := range pods.Items {
+		// Skip pods that are not in running state
+		if pod.Status.Phase != corev1.PodRunning {
+			continue
+		}
 		podIdentifier := fmt.Sprintf("%s/%s", pod.Namespace, pod.Name)
 		if _, exists := globallyProtectedPods[podIdentifier]; !exists {
 			if !IsPodProtected(writer, clientset, pod, policies, hasDenyAll, globallyProtectedPods) {
diff --git a/backend/pkg/k8s/scanner.go b/backend/pkg/k8s/scanner.go
index fdbcfba..c67204b 100644
--- a/backend/pkg/k8s/scanner.go
+++ b/backend/pkg/k8s/scanner.go
@@ -165,6 +165,10 @@ func determineUnprotectedPods(clientset *kubernetes.Clientset, nsName string, co
 	}
 
 	for _, pod := range allPods.Items {
+		// Skip pods that are not in running state
+		if pod.Status.Phase != v1.PodRunning {
+			continue
+		}
 		if !coveredPods[pod.Name] {
 			podDetail := fmt.Sprintf("%s %s %s", nsName, pod.Name, pod.Status.PodIP)
 			if !containsPodDetail(scanResult.UnprotectedPods, podDetail) {