Container Image Scan

Container image scan analyzes the image contents and build process to detect security and vulnerability issues. Container Protection supports two types of image scan:

Registry/Repository Scan: Registry/Repository scan uses the Common Vulnerabilities and Exposures (CVE) index, regularly updated by NVD, to detect underlying vulnerabilities and security flaws, and provides security best practices. The Registry/Repository image scan is performed at the registry level.

Cluster Compliance Scan: Cluster Compliance Scan analyzes the cluster security settings against the CIS Kubernetes Benchmark to provide remediation for container configuration vulnerabilities.

1. Automatic Scan and Configuration

After a container registry is created, Container Protection actively conducts registry/repository scans and compliance scans. The Scan Interval is the time lapse between the completion of the previous scan and the start of the next scan. The scan intervals can be configured in ADMIN > Settings from the navigation menu.

After you have configured the intervals for each type of scan, click Save Changes to apply.

2. Manual Registry/Repository Scan

Alternatively, you may conduct a registry/repository scan manually at any time, as long as no other scan is in progress.

Note: Manual scan does not include Cluster Compliance Scan.

The manual registry/repository scan can be accessed through CONFIGURE > Registry from the navigation menu.

  1. Select the registry from the list of registries.
  2. Then click the settings button on the right-hand side, and click Start Scan.

Note: The registry/repository scan cannot be requested again on the same registry until the previous scan is completed.
