Container Image Scanning
Definition
Container image scanning analyzes container images for known OS package vulnerabilities, application dependency CVEs, hardcoded secrets, and misconfigurations before images are deployed to production. Scanning occurs at image build time in CI/CD pipelines and can also be applied continuously in container registries.
Tools like Trivy, Grype, and Snyk Container integrate with registries (ECR, GCR, ACR) to gate promotion of images with critical vulnerabilities.
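A promotion gate of the kind described above, as an added example that is not code from this page or from any of the tools named. It assumes a report in the shape of `trivy image --format json` output; the `gate` function, the sample report, and the policy (block on CRITICAL vulnerabilities and on any embedded secret) are illustrative assumptions.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output;
# the image name, packages and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example/app:1.0",
    "Results": [
        {"Target": "app (alpine)", "Class": "os-pkgs", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample",
             "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "MEDIUM"},
        ]},
        # A target with no findings may carry no "Vulnerabilities" key at all.
        {"Target": "app/requirements.txt", "Class": "lang-pkgs"},
        {"Target": "app/config.env", "Class": "secret", "Secrets": [
            {"RuleID": "example-token", "Severity": "HIGH", "Title": "Example token"},
        ]},
    ],
})

def gate(report_json, block=("CRITICAL",), ignore_unfixed=False):
    """Return (promote, reasons) for one scan report (hypothetical policy)."""
    report = json.loads(report_json)
    reasons = []
    for result in report.get("Results") or []:
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            if v.get("Severity") not in block:
                continue
            if ignore_unfixed and not v.get("FixedVersion"):
                continue  # no patched version exists yet; tracked, not blocking
            reasons.append(f"{target}: {v['VulnerabilityID']} in {v['PkgName']} "
                           f"({v['Severity']}, fixed in {v.get('FixedVersion') or 'n/a'})")
        for s in result.get("Secrets") or []:
            # Assumed policy: any embedded secret blocks promotion.
            reasons.append(f"{target}: secret {s.get('RuleID', '?')}")
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, why = gate(SAMPLE_REPORT, ignore_unfixed=True)
    print("PROMOTE" if ok else "BLOCK")
    for line in why:
        print(" -", line)
```

In a pipeline the return value would drive the job's exit status, so a blocked image never reaches the registry's promoted tag.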