Cloud Native + Kubernetes image scanning.

Vulnerability security scanning with Sysdig Secure.

Cloud-native vulnerability management.

Scan images and block vulnerabilities across your CI/CD pipeline, container registry and in production on Kubernetes environments.

Cloud Native vulnerability management

Learn more about running secure containers in production.

enforce icon

Build continuous security into your CI/CD pipeline.

Catch vulnerabilities prior to being pushed to production by integrating with your CI/CD pipeline, image registries or with Kubernetes admissions controllers.

Automate icon

Automate Kubernetes security scanning policies for DevSecOps.

Out of the box Kubernetes compliance reports and security scanning policies that notify the developers even after images have been deployed in production.

dashboard icon

Leverage extensive vulnerability feeds for container image scanning.

Tap into extensive vulnerability feeds to provide detailed assessments for OS packages + 3rd party libraries including Java archives, Node.js NPM’s, Ruby GEM’s, Python PIP, etc.

Continuous security for your Cloud-native CI/CD pipeline.

Image scanning with Jenkins

Container vulnerability scanning + CI/CD security.

DevSecOps teams want to shift left security for containers and Kubernetes. Sysdig Secure integrates with CI/CD tools to scan images prior to being pushed to production. Sysdig Secure has a Jenkins scanning plugin and APIs to integrate with other CI/CD tools like Atassian Bamboo, CircleCI, Concourse, etc.

Container image registry scanning.

Sysdig supports any Docker v2 compatible registry including CoreOS Quay, Amazon ECR, DockerHub Private Registries, Google Container Registry or JFrog Artifactory, Microsoft ACR, SuSE Portus and VMWare Harbor to scan stored container image.

Container image registry scanning
Kubernetes vulnerability management

Kubernetes admission controller for vulnerability management.

Using a Kubernetes admission controller, any container image can be validated against Sysdig Secure to prevent unscanned or vulnerable images from being deployed on production. This is a non-intrusive approach to validate images at the orchestration level rather than at container runtime.

Cloud Native Kubernetes vunerability scanning policies for DevSecOps needs.

NIST image scanning policy
container compliance

Out-of-the-box container security scanning policies.

Sysdig provides out of the box Kubernetes security scanning policies that can be customized to fit your organization’s security and container compliance requirements such as CIS benchmarks, NIST, PCI and others. These policies can scan for vulnerabilities in packages, exposed credentials, security best practices on Dockerfile instructions and even reliability best practices.

Custom vulnerability scanning policies.

Sysdig Secure allows users to create specific Docker + Kubernetes security scanning policies to different workflows, pipelines and environments. For example do not allow any Java vulnerabilities qualified as high or medium when there is a vendor fix available in my production environment.

Vulnerability scanning policy
Running images vulnerability scanning

Continuous Kubernetes security scanning after deployment.

Sysdig Secure automatically generates an inventory of each image content and continuously checks for any new vulnerabilities or CVEs that are published once containers are running in production without having to re-scan the images. Get notified immediately when a new CVE is released that might affect a running application.

Scope images and vulnerabilities by Kubernetes resources.

As a developer or application owner, you can easily scope your images and vulnerabilities by Kubernetes or cloud metadata, like service, deployment or application, to just look at the applications you run and what’s important for you. Find the needle in the haystack quicker.

Kubernetes grouping editor
Vulnerability management CVE whitelisting

Vulnerability management with CVE whitelisting.

Sometimes specific CVEs are not applicable to your apps. You can add reduce noise for your development teams by specifying ignore or whitelist exceptions so container image scanning checks do not take those into account.

Alerts on failed vulnerability scanning + remediation.

Configure flexible alerts for specific failed scans. Set up different notifications to Slack, PagerDuty or others by service or application or by team. Reduce alert noise just notifying the right people with actionable information (vulnerabilities or configuration) so they can quickly respond and fix it.

NIST SP 800 190 vulnerability scan

Container vulnerability scanning with extensive security vulnerability feeds.

Vulnerability feeds sources

Vulnerability feeds based on 15+ trusted sources.

Sysdig Secure allows you to continuously perform vulnerability scanning on your images pre-deployment as well as during production for any known vulnerabilities. We have access to extensive 3rd party feeds such as:

  • Debian, Ubuntu, CentOS security trackers
  • + more

3rd party libraries vulnerability scanning.

Detect vulnerabilities on 3rd party libraries and components installed on top of the based image: Java JAR archives, Node.js NPM’s, Ruby GEM’s, Python PIP, Perl CPAN, etc and additional vulnerabilities coming from specialized providers expanding existing vulnerabilities and adding new ones specific to other languages like .NET, Golang, PHP and more!


3rd party image scanning
Nicolas Kramer

With Sysdig’s container intelligence platform Quby gained complete visibility into the performance, health, and security of their new infrastructure and container applications.


Ready to talk with an expert
about your Cloud-native Security?

Schedule a live demo

Sysdig Monitor

On-Demand Webinar

Running Containers in Production for Dummies.

Given by the authors of the new book - Running Containers in Production for Dummies. Are you new to containers?…

- Hosted by Jorge Salamero Sanz, Eric Carter, Knox Anderson

Sysdig Monitor

Find out the Latest

29 Docker security tools compared.

There are quite a few Docker security tools in the ecosystem, how do they compare? We have gathered a list…