Container image scans for software decomposition

  • Release version: Washingtondc
  • Updated February 1, 2024
  • The Discovery and Service Mapping Patterns scanning process collects data on container images and OS packages. Increase your control over container deployment by viewing a preview of the container components.

    Container image scans for software decomposition diagram

    Image scanning process

    Container Image Scan uses the Aqua Trivy tool and runs scheduled jobs to discover container images and OS packages at fixed intervals of 10 images per minute. During the scan, the Pattern indicates the scanning status. The Pattern discovers OS packages that are related to an image. Then, it finds the image command attributes, such as the CI class. Based on the command attributes, the Pattern creates application records. In addition, the Pattern uses enriched scripts to enrich the application records. After that, the Pattern maps the relations between the OS packages and the containers.

    Part of the data is populated in CMDB tables and part of it in transform tables (non-CMDB temporary tables). The transform tables are installed with the Pattern. For example, the information you get by scanning includes origin registry, software name, version and so on.

    Benefits of a vulnerability preview

    • Scanning your containers with this pattern gives you visibility into what's inside Kubernetes or Docker containers or OS packages.
    • The scanning process can flag vulnerable container images.
    • It helps you adhere to company policies like usage of golden images, outdated software, mandatory labels, or configuration policies.
    • Scanning also helps you manage licensed software running in containers.
    • You can also get the service context by using tags and service mesh to understand their impact on your organization.
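
The decomposition described under "Image scanning process", as an added example that is not ServiceNow's Pattern code: it reads a constructed report shaped like Trivy's JSON output with packages listed, and builds image-to-OS-package rows carrying origin registry, software name, version and a vulnerable flag. The row layout, the function names and all sample values are assumptions; the page does not say how the Pattern invokes Trivy or stores its results.

```python
import json

# Constructed sample shaped like `trivy image --format json --list-all-pkgs` output
# (field names follow Trivy's JSON report; all values are made up).
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example.com:5000/shop/api:1.4",
    "Metadata": {"OS": {"Family": "debian", "Name": "12.4"}},
    "Results": [
        {"Target": "registry.example.com:5000/shop/api:1.4 (debian 12.4)",
         "Class": "os-pkgs", "Type": "debian",
         "Packages": [{"Name": "openssl", "Version": "3.0.11-1"},
                      {"Name": "zlib1g", "Version": "1:1.2.13"}],
         "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-0000",  # placeholder
                              "PkgName": "openssl", "Severity": "HIGH"}]},
        {"Target": "app/package-lock.json", "Class": "lang-pkgs", "Type": "npm",
         "Packages": [{"Name": "left-pad", "Version": "1.3.0"}]},
    ],
})


def origin_registry(image_ref):
    """Registry host of an image reference, using Docker's naming rule."""
    first, sep, _ = image_ref.partition("/")
    # The first path component is a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # implicit default for short names like "nginx:1.25"


def decompose(report_json):
    """Return one image -> OS package relation row per installed OS package."""
    report = json.loads(report_json)
    image = report["ArtifactName"]
    rows = []
    for result in report.get("Results") or []:
        if result.get("Class") != "os-pkgs":
            continue  # skip language-level packages; the page covers OS packages
        vulnerable = {v["PkgName"] for v in result.get("Vulnerabilities") or []}
        for pkg in result.get("Packages") or []:
            rows.append({"image": image, "registry": origin_registry(image),
                         "package": pkg["Name"], "version": pkg["Version"],
                         "vulnerable": pkg["Name"] in vulnerable})
    return rows


def image_is_vulnerable(rows):
    """Flag the image if any of its OS packages has a reported finding."""
    return any(row["vulnerable"] for row in rows)
```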