Container Vulnerability Scanning
Automated daily scanning of container images to identify security vulnerabilities.
What Is Vulnerability Scanning?
Every container image (like nginx:1.20 or python:3.11) contains software that might have known security vulnerabilities. We automatically scan all your images daily to find these issues and provide:
- Clear vulnerability descriptions with context
- Severity ratings to help prioritize fixes
- Affected images and their locations in your cluster
- Recommendations for updating to secure versions
Tip: No Security Expertise Required
We translate CVE severity scores and technical details into clear risk levels. You'll understand what matters without needing to be a security expert.
How Scanning Works
Automatic & Daily: Every 24 hours, we scan all publicly available container images running in your cluster using Trivy, an industry-standard security scanner.
What We Scan:
- Operating system packages (Alpine, Ubuntu, Debian, etc.)
- Application dependencies (npm, pip, Maven, etc.)
- Language libraries (Node.js, Python, Go, Java, etc.)
Zero Configuration: Scanning starts automatically when you install ClusterPirate — no setup required.
How It Works
Automatic Scanning
Daily Scans: All publicly available container images running in your cluster are automatically scanned once per day.
Scanner: Powered by Trivy, an industry-standard open-source vulnerability scanner.
Coverage: Scans detect vulnerabilities in:
- Operating system packages (Alpine, Debian, Ubuntu, RHEL, etc.)
- Application dependencies (npm, pip, gem, Maven, etc.)
- Language-specific libraries
Scan Process
- Image Discovery: The platform identifies all container images in use
- Daily Scan: Trivy scans each image for known vulnerabilities
- CVE Database: Results are compared against the latest CVE databases
- Portal Update: Findings are displayed in the CVE Scans section
Viewing Scan Results
Via Web Console
Access CVE scan results through the portal:
- Navigate to portal.cloudpirates.io
- Select your workspace and observability instance
- Choose your cluster
- Go to the CVE Scans section
Scan Results Display
Dashboard Features:
- Total vulnerability count by severity
- Affected images list
- CVE details and descriptions
- Remediation recommendations
- Scan timestamps
Scan Limitations
Private Images
Current Limitation: Only publicly available images are scanned.
Private Registry Support: Coming soon
- Secure credential management
- Private registry integration
- Custom registry support
Scan Frequency
Daily Scans: Images are scanned once per 24-hour period.
On-Demand Scans: Not currently available (planned feature).
False Positives
Some CVEs may not be exploitable in your specific context:
Review Factors:
- Is the vulnerable component actually used?
- Does the attack vector apply to your deployment?
- Are mitigating controls in place?
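
As an added example (not ClusterPirate's own code), the review factors above can be recorded per CVE and applied to a Trivy JSON report, such as one you produce yourself with `trivy image --format json`, so that reviewed findings are separated from the counts while the reason stays on record. The report below is constructed, its CVE ids and package names are placeholders, and the `ACCEPTED` review record is a hypothetical format.

```python
import json
from collections import Counter

# Constructed sample shaped like `trivy image --format json` output;
# the CVE ids and package names are placeholders, not real findings.
SAMPLE_REPORT = json.loads("""
{"ArtifactName": "nginx:1.20", "Results": [
  {"Target": "nginx:1.20 (debian)", "Type": "debian", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
     "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
     "InstalledVersion": "2.3-1", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-tool",
     "InstalledVersion": "0.9", "FixedVersion": "0.10", "Severity": "MEDIUM"}]},
  {"Target": "app/package-lock.json", "Type": "npm", "Vulnerabilities": null}]}
""")

# Hypothetical review record: CVE id -> documented reason it does not apply here.
ACCEPTED = {"CVE-0000-0003": "component is installed but never invoked"}

RANK = {s: i for i, s in enumerate(["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"])}

def triage(report, accepted):
    """Split findings into fixable, unfixed-upstream and reviewed-as-not-applicable."""
    counts, fixable, unfixed, suppressed = Counter(), [], [], []
    for result in report.get("Results", []):
        # A clean target has no "Vulnerabilities" key or a null value.
        for vuln in result.get("Vulnerabilities") or []:
            row = {
                "id": vuln["VulnerabilityID"],
                "target": result["Target"],
                "package": vuln["PkgName"],
                "severity": vuln.get("Severity", "UNKNOWN"),
                "fixed_in": vuln.get("FixedVersion", ""),
            }
            if row["id"] in accepted:
                suppressed.append({**row, "reason": accepted[row["id"]]})
                continue
            counts[row["severity"]] += 1
            (fixable if row["fixed_in"] else unfixed).append(row)
    by_rank = lambda r: RANK.get(r["severity"], len(RANK))
    return {"counts": dict(counts), "fixable": sorted(fixable, key=by_rank),
            "unfixed": sorted(unfixed, key=by_rank), "suppressed": suppressed}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT, ACCEPTED), indent=2))
```

Findings with no `FixedVersion` cannot be resolved by an image update, so they are the ones to weigh against mitigating controls rather than a version bump.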