A Scan of the Container Vulnerability Scanner Landscape

Container registries and vulnerability scanners are often bundled together, but they are not the same thing. Scanning can occur at several points in a container deployment workflow: in the build, in the CI pipeline, on push to the registry, and against what is already running. Some scanners are bundled with existing solutions such as registries or CI platforms, while others are point solutions. The differences between them can be measured by the data sources they use (vulnerability feeds and package metadata), what is being checked (operating-system packages, application dependencies, or both), and the actions that are automatically taken as the result of a scan, such as failing a build or blocking a deployment.

Scanners review artifacts against a set of criteria, such as policies or the inclusion of specific code. For the purposes of this article, we focus only on scanning for vulnerabilities, in both applications and container images. Scanning an application can determine whether it was built from widely tested packages coming from popular repositories and whether any of those packages are at a version with a known vulnerability. Scanning an image covers the application as well, but in addition it inspects the base operating system and other packages bundled into the image, and so finds vulnerabilities that stem from the particular deployment environment the image was built for.
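As an added example (not code from the article, and not the output or tooling of any particular scanner), the script below is a small policy gate of the kind that turns a scan into an automatic action. It reads a report in the JSON layout Trivy emits; the field names it relies on (Results, Class, Vulnerabilities, VulnerabilityID, PkgName, InstalledVersion, FixedVersion, Severity) are an assumption about that layout. It keeps image-level OS-package findings separate from application-dependency findings, blocks on critical issues and on high-severity issues that already have a fix, and only warns on high-severity issues with no fix available. The embedded report is constructed, with placeholder package names and IDs rather than real packages or CVEs.

```python
"""Policy gate over a container vulnerability scan report.

Added example, not from the article or any scanner project. Assumes a
report in Trivy's JSON layout (the field names below are that assumption).
"""
import json
import sys
from collections import Counter
from dataclasses import dataclass

# Severity order used for threshold comparisons.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report: package names and IDs are placeholders,
# not real packages or CVEs. "os-pkgs" is what an image scan adds on top
# of an application scan; "lang-pkgs" is the application's own dependencies.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example.com/app:1.4.2",
    "Results": [
        {"Target": "registry.example.com/app:1.4.2 (debian 12.5)",
         "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "libfoo3",
              "InstalledVersion": "3.0.11-1", "FixedVersion": "3.0.13-1",
              "Severity": "CRITICAL"},
             {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "basepkg",
              "InstalledVersion": "2.36-9", "FixedVersion": "",
              "Severity": "HIGH"}]},
        {"Target": "app/requirements.txt",
         "Class": "lang-pkgs", "Type": "pip",
         "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "httpclient",
              "InstalledVersion": "2.28.0", "FixedVersion": "2.32.0",
              "Severity": "HIGH"},
             {"VulnerabilityID": "EXAMPLE-0004", "PkgName": "jsonlib",
              "InstalledVersion": "1.9.0", "FixedVersion": "1.9.2",
              "Severity": "MEDIUM"}]},
    ],
})


@dataclass(frozen=True)
class Finding:
    vuln_id: str
    package: str
    installed: str
    fixed: str       # empty when the scanner knows no fixed version
    severity: str
    scope: str       # "os": image-level package; "app": application dependency
    target: str


def parse_report(raw: str) -> list:
    """Flatten the report into Findings, tagging each with its scope."""
    findings = []
    for result in json.loads(raw).get("Results", []):
        scope = "os" if result.get("Class") == "os-pkgs" else "app"
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding(
                vuln_id=v["VulnerabilityID"], package=v["PkgName"],
                installed=v.get("InstalledVersion", ""),
                fixed=v.get("FixedVersion") or "",
                severity=v.get("Severity", "UNKNOWN").upper(),
                scope=scope, target=result.get("Target", "")))
    return findings


def summarize(findings) -> Counter:
    """Count findings by (scope, severity) so OS and app results stay distinct."""
    return Counter((f.scope, f.severity) for f in findings)


@dataclass
class Decision:
    allowed: bool
    blocking: list
    warnings: list


def evaluate(findings, block_at="CRITICAL", fixable_block_at="HIGH") -> Decision:
    """Block at or above block_at unconditionally; at or above fixable_block_at
    block only when a fixed version exists, otherwise warn, so the pipeline is
    not stuck on issues nobody can act on yet."""
    blocking, warnings = [], []
    for f in findings:
        rank = SEVERITY_RANK.get(f.severity, 0)
        if rank >= SEVERITY_RANK[block_at]:
            blocking.append(f)
        elif rank >= SEVERITY_RANK[fixable_block_at]:
            (blocking if f.fixed else warnings).append(f)
    return Decision(allowed=not blocking, blocking=blocking, warnings=warnings)


def main(raw: str = SAMPLE_REPORT) -> int:
    """Print the gate result and return a CI-style exit code (1 = blocked)."""
    findings = parse_report(raw)
    for (scope, sev), n in sorted(summarize(findings).items()):
        print(f"{scope:>3} {sev:<8} {n}")
    decision = evaluate(findings)
    for f in decision.blocking:
        print(f"BLOCK {f.vuln_id} {f.package} {f.installed} -> {f.fixed} ({f.scope})")
    for f in decision.warnings:
        print(f"WARN  {f.vuln_id} {f.package} {f.installed} no fix yet ({f.scope})")
    return 0 if decision.allowed else 1


if __name__ == "__main__":
    sys.exit(main(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT))
```

Run without arguments it evaluates the constructed report and exits 1, since the critical OS-package finding and the fixable high-severity dependency both block; pointed at a real report file (for example one produced with `trivy image --format json -o report.json IMAGE`) it applies the same policy, and its exit code is what a CI step would act on. The thresholds are parameters so that a stricter gate, such as blocking on every HIGH regardless of fix availability, is a one-argument change.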


The featured image came from Pixabay. The complete article can be found here.