Vulnerability management (container scanning and host scanning) tools

Automate image scanning within CI/CD pipelines and registries

Embed image scanning, aka docker security scanning, directly in your CI/CD pipeline (Jenkins, Bamboo, GitLab, CircleCI, GitHub Actions, Azure Pipelines, etc). Catch OS and non-OS vulnerabilities, misconfigurations, credential exposures, and bad security practices.

Implement registry scanning with any Docker v2 registry (Quay, Amazon ECR, DockerHub Private Registries, Google Container Registry, Artifact Registry, JFrog Artifactory, Microsoft ACR, SuSE Portus, and VMware Harbor, etc.).

Leverage out-of-the-box Dockerfile best practices and compliance

Detect container vulnerabilities and risky configurations with out-of-the-box Dockerfile best practices.

Set custom container scanning and registry scanning policies to detect mistakes and bad security practices early.

Meet regulatory standard frameworks for container compliance like NIST SP 800-190, PCI DSS and HIPAA.

Seamless integration in your own build environment

Maintain complete control of your images by adopting Sysdig’s inline scanning. Scan within your CI/CD pipeline, registry, or at runtime while only shipping the scan results back to Sysdig.

Scan serverless workloads

Automatically scan AWS Fargate containers for vulnerabilities directly in ECR. Scan serverless containers on Google Cloud Run via a GCR integration.

Implement container scanning at runtime

Assess the risk impact of new CVEs quickly for hosts and by embedding image scanning (docker security scanning) tools at runtime. Continuously monitor for these vulnerabilities without rescanning images, map the vulnerabilities back to specific applications, and identify the team that needs to fix them.

Automatically prioritize container vulnerabilities

Automatically prioritize the vulnerabilities that are tied to packages loaded at runtime and eliminate noise from vulnerabilities that don’t pose real risk. Avoid vulnerability overload and fix issues faster by alerting only what matters and providing actionable insights.

Avoid deploying unscanned image

Using a Kubernetes admission controller, you can block unscanned or vulnerable images from being deployed onto the cluster.

Instantly scan for host vulnerabilities in seconds

Maximize compliance coverage for PCI, NIST, SOC2, etc. by meeting host scanning requirements. Reduce time to fix by assessing security impact and ownership using rich cloud/k8s context.