What Is Container Scanning?
Container scanning is a pipeline check that analyzes a container image's installed packages and libraries against vulnerability databases to flag known issues. It runs on the built image, so it sees exactly what will be deployed. Findings are reported as part of the pipeline, often gating a release.
Why it matters
An image often inherits vulnerabilities from its base layers and dependencies long after the code was written. Scanning the final image catches those before it reaches production. Wiring it into CI means every build is checked automatically rather than relying on periodic manual audits.
Related guides
What Is a DAST Scan?A DAST scan tests a running application from the outside by sending crafted requests, finding vulnerabilities…
What Is License Compliance Scanning?License compliance scanning detects the open-source licenses of a project's dependencies and flags any that v…
What Is a Container Registry?A container registry is a storage and distribution service for container images, where builds push and deploy…