Software Development - Build and CI/CD

Image Scanning

Automatically scan container images for security vulnerabilities during the build pipeline to prevent deploying compromised artifacts into production environments.

Security Engineer

Priority

High

Execution Context

This integration function executes real-time vulnerability scanning on container registry images within the CI/CD pipeline. It integrates with vulnerability databases to identify known CVEs, generates detailed risk reports, and enforces blocking policies for non-compliant images. The process ensures that only hardened, verified containers proceed to deployment stages, maintaining a strict security posture across microservice architectures.

The system triggers image scanning immediately after a container build completes but before any artifact is tagged or pushed to the registry.

Vulnerability data is fetched from trusted sources and cross-referenced against the specific software versions present in the scanned image layers.

Results are categorized by severity, with critical and high-risk findings automatically halting the pipeline execution.

Operating Checklist

Initiate scan job upon successful container image build completion.

Extract software inventory and layer metadata from the container image.

Query vulnerability databases to match detected packages against known CVEs.

Generate a compliance report and block the pipeline if critical vulnerabilities are found.
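
The checklist above as a minimal pipeline gate, added here as an illustration and not taken from any particular scanner: it matches an image's package inventory against an advisory feed, counts findings by severity, and fails the job on critical or high findings as described under Execution Context. The package names, advisory IDs, data layout and function names are all constructed placeholders, and versions are assumed to be dotted integers.

```python
import sys
from collections import Counter

# Constructed sample data; package names and advisory IDs are placeholders.
INVENTORY = [
    {"name": "examplelib", "version": "1.2.3", "layer": 2},
    {"name": "demo-tls", "version": "3.0.1", "layer": 1},
    {"name": "samplezip", "version": "0.9.0", "layer": 3},
]
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-0001", "package": "examplelib", "fixed_in": "1.2.5", "severity": "CRITICAL"},
    {"id": "CVE-PLACEHOLDER-0002", "package": "demo-tls", "fixed_in": "3.0.0", "severity": "HIGH"},
    {"id": "CVE-PLACEHOLDER-0003", "package": "samplezip", "fixed_in": "1.0.0", "severity": "MEDIUM"},
]
BLOCKING = {"CRITICAL", "HIGH"}  # severities that halt the pipeline


def parse_version(text):
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def match_findings(inventory, advisories):
    """Return advisories that affect an installed version (installed < fixed_in)."""
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv["package"], []).append(adv)
    findings = []
    for pkg in inventory:
        for adv in by_package.get(pkg["name"], []):
            if parse_version(pkg["version"]) < parse_version(adv["fixed_in"]):
                findings.append({**adv, "installed": pkg["version"], "layer": pkg["layer"]})
    return findings


def gate(findings, blocking=BLOCKING):
    """Summarise findings by severity and return (allow, counts, blockers)."""
    counts = Counter(f["severity"] for f in findings)
    blockers = [f for f in findings if f["severity"] in blocking]
    return (not blockers, dict(counts), blockers)


if __name__ == "__main__":
    allow, counts, blockers = gate(match_findings(INVENTORY, ADVISORIES))
    print("severity counts:", counts)
    for f in blockers:
        print(f"BLOCK {f['id']} {f['package']} {f['installed']} < {f['fixed_in']} (layer {f['layer']})")
    sys.exit(0 if allow else 1)  # non-zero exit fails the CI job before tag/push
```

Run as the step between build and tag/push; the non-zero exit code is what the pipeline orchestrator treats as a no-go.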

Integration Surfaces

Build Agent

Executes the scanning agent within the container environment to perform low-level image analysis.

Vulnerability Database API

Provides real-time access to CVE and threat intelligence data for accurate matching.

Pipeline Orchestrator

Receives scan results and enforces go/no-go decisions based on configured risk thresholds.
