Container Image Scan Recipes
Use Oracle Cloud Infrastructure Vulnerability Scanning Service to create and manage recipes that scan target container images for potential security vulnerabilities.
- The Container Registry Console (see Scanning Images for Vulnerabilities)
- The Vulnerability Scanning Console, API, or CLI
Container Registry lets you share and manage container images (such as Docker images) by storing them in repositories. A repository is a named collection of related images that are grouped for convenience. During the deployment of an application to a Kubernetes cluster, one or more images can be pulled from a repository to start containers on the cluster.
When you create a new repository in Container Registry, image scanning is enabled by default on the repository. Every time an image is pushed to the repository, it's scanned for security vulnerabilities. Container Registry automatically rescans any images in the repository that have changed since the previous scan. You can also disable image scanning on a particular repository.
A container image scan recipe is assigned to targets, and each target is associated with one or more repositories in Container Registry.
When a target is created, the Vulnerability Scanning service scans a specified initial number of images in the target repositories (one image by default). After this initial scan, the service also scans any new image that's pushed to the target.
This section contains the following topics: