Container image discovery

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • The Discovery and Service Mapping Patterns application uses the Scan Container Image pattern to discover Docker images and OS packages data. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    For information about performing a container image scan, see Scan container images.

    The Scan Container Image pattern supports Aqua Trivy starting with version 0.44.0. The last version validated is 0.68.2.

    Starting with Discovery and Service Mapping Patterns version 1.18.0, the Scan Container Image pattern supports scanning container images in the following repositories:
    • Public repositories
    • Self-hosted private repositories
    • Amazon Elastic Container Registry (Amazon ECR), both public and private repositories

    Starting with version 1.27.0, Discovery and Service Mapping Patterns enables you to control whether to link software packages to containers or only to images. For more information, see Link software package information to images only.

    Container image data model

    The following CI classes are part of the data model used by this pattern.

    Table 1. CI class hierarchy
    CI class Extends from
    Docker Container [cmdb_ci_docker_container] Operating-system-level Virtualization Container [cmdb_ci_oslv_container]
    Operating-system-level Virtualization Container [cmdb_ci_oslv_container] Configuration Item [cmdb_ci]
    Container Environment Variables [cmdb_container_environment_variables] Key Value [cmdb_key_value]
    Container Enrich Scripts [sn_itom_pattern_container_enrich_scripts] Application File [sys_metadata]

    Data collected by Discovery for container image scans

    Discovery populates the data in the CMDB when running the Scan Container Image pattern.
    Table 2. Application [cmdb_ci_appl]
    Field Description

    Name [name]

    Name of the container application.

    The MSSQL application record required name format: ApplicationTableName@containerName

    Example: MSFT SQL Instance@/sql1
    Table 3. Container Environment Variables [cmdb_container_environment_variables]
    Field Description
    Container [container] Name of the container.
    Key [key] Name of the Container environment variable.
    Value [value] Container environment variable value.

    Temporary tables for container image scans

    Note:
    If you're using the 1.0.98 version to collect the data, the enriched scripts are supported only with MSSQL.
    Table 4. Data collected during horizontal discovery
    Field Description

    Container image scan Status [sn_itom_pattern_container_image_scan_status]
    Image [image] Name of the container image.
    Message [message] Errors or issues with the scanning process.
    CI Class [ci_class] The image CI class based on the image command details.
    Discovery status [discovery_status] The discovery status record of the image scan.
    Scan Status [scan_status] The scan status. The available values are:
    • None - The image isn't scanned yet.
    • In Progress - The image scan is in progress.
      Note:
      If one or more images are in progress, the next scan won't trigger.
    • Scanned - The image was scanned successfully.
    • Error - A problem occurred during the image scan. Check the message column for details.
    • Skipped - The image URL isn't formed properly or isn't reachable.

    Container image OS packages [sn_itom_pattern_container_image_os_packages]
    Image [image] Name of the container image.
    Package Name [package_name] Name of the software package.
    Package Version [package_version] Version of the software package.
    Package Maintainer [package_maintainer] Name of the package maintainer.

    Container Enrich Scripts [sn_itom_pattern_container_enrich_scripts]
    Active [active] Whether the enrich script state is active.
    CI Type [ci_type] The CI type to which the enrich script is applicable.
    Order [order] Execution order of a particular script.
    Script [script] The enrich script name.

    CI relationships

    The Scan Container Image pattern creates the following relationships and references to support container image discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.

    Table 5. CI relationships
    CI Relationship CI
    Application [cmdb_ci_appl] Runs on::Runs Operating-system-level Virtualization Container [cmdb_ci_oslv_container]
    MSFT SQL Instance [cmdb_ci_db_mssql_instance] Runs::Runs on Docker Container [cmdb_ci_docker_container]
    Table 6. CI references
    CI Field Referenced CI
    Container Environment Variables [cmdb_container_environment_variables] Configuration item [configuration_item] Docker Container [cmdb_ci_docker_container]