Container image discovery
The Discovery and Service Mapping Patterns application uses the Scan Container Image pattern to discover Docker images and OS package data. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Verify the REST API Permissions
Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.
For information about performing a container image scan, see Scan container images.
The Scan Container Image pattern supports Aqua Trivy starting with version 0.44.0. The last version validated is 0.68.2.
- Public repositories
- Self-hosted private repositories
- Amazon Elastic Container Registry (Amazon ECR), both public and private repositories
Starting with version 1.27.0, Discovery and Service Mapping Patterns enables you to control whether to link software packages to containers or only to images. For more information, see Link software package information to images only.
Data collected by Discovery for container image scans
| Field | Description |
|---|---|
| Application [cmdb_ci_appl] table | |
| Name [name] | Name of the container application. The MSSQL application record requires the name format ApplicationTableName@containerName. Example: MSFT SQL Instance@/sql1 |
| Container environment variables [cmdb_container_environment_variables] table | |
| Container [container] | Name of the container. |
| Key [key] | Name of the container environment variable. |
| Value [value] | Container environment variable value. |
Temporary tables for container image scans
| Field | Description |
|---|---|
| Container image scan Status [sn_itom_pattern_container_image_scan_status] | |
| Image [image] | Name of the container image. |
| Message [message] | Errors or issues with the scanning process. |
| CI Class [ci_class] | The image CI class based on the image command details. |
| Discovery status [discovery_status] | The discovery status record of the image scan. |
| Scan Status [scan_status] | The scan status. The available values are: |
| Container image OS packages [sn_itom_pattern_container_image_os_packages] table | |
| Image [image] | Name of the container image. |
| Package Name [package_name] | Name of the software package. |
| Package Version [package_version] | Version of the software package. |
| Package Maintainer [package_maintainer] | Name of the package maintainer. |
| Container Enrich Scripts [sn_itom_pattern_container_enrich_scripts] | |
| Active [active] | Whether the enrich script state is active. |
| CI Type [ci_type] | The CI type to which the enrich script is applicable. |
| Order [order] | Execution order of a particular script. |
| Script [script] | The enrich script name. |
Relationships
These relationships are created to support the container image discovery.
| CI | Relation | CI |
|---|---|---|
| cmdb_ci_appl | Runs on::Runs | cmdb_ci_oslv_container |
| cmdb_ci_docker_container | Extends from | cmdb_ci_oslv_container |
| cmdb_ci_oslv_container | Extends from | cmdb_ci |
| cmdb_ci_oslv_container | Reference only | cmdb_container_environment_variables |
| container_enrich_scripts | Extends from | sys_metadata |
| cmdb_container_environment | Extends from | cmdb_key_value |
| cmdb_ci_db_mssql_instance | Runs::Runs on | cmdb_ci_docker_container |