The VM images assets inventory provides insight into the risks and vulnerabilities of your VM images.
Cortex VM image scanning is an agentless scanning feature that enables you to inspect the risks and vulnerabilities of a cloud workload without installing an agent or affecting the execution of your workload.
Agentless scanning of VM images is automatically enabled upon onboarding a cloud account to Cortex Cloud. Disabling this feature prevents VM images on your account from being scanned for vulnerabilities and risks, reducing your account's overall security coverage.
Cortex agentless scanning covers private virtual machine images on the following major cloud platforms:
Amazon Web Services (AWS): Cortex exclusively scans private Amazon Machine Images (AMIs).
Microsoft Azure: Scanning is limited to private gallery versioned images.
Google Cloud Platform (GCP): Cortex Cloud supports scanning of private VM images.
After you onboard your cloud account, it is continuously scanned regardless of how many workloads are under that account. Whether you add or remove hosts and containers, agentless scanning keeps your workload’s security issues visible.
VM images assets inventory
To access VM images assets, go to Inventory, select → → .
The VM images assets page includes a dashboard and an inventory table.
The following table describes the default exposed properties of the VM images asset table. Select the column picker to view additional properties.
| Column | Description |
|---|---|
| Provider | Cloud Account Provider |
| Name | Name of the VM image |
| Region | Geographical location within a cloud provider's infrastructure where that VM image is located |
| Architecture | Architecture of the VM image. For example: x86_64 |
| Image OS | The OS distribution version. For example: 2020 or 20 |
| OS Distribution | Operating System distribution details |
| Operating System | Operating System on the VM image |
| OS version | Version of the operating system |
| Tags | User-defined label to correlate VM images and Instances |
| Size | Size of the VM image |
| Created At | The time when the VM Image was created in the Cloud provider |
| First Observed | The first scan time of the VM image |
| Last Observed | The last scan time of the VM image |
| Scanners | List of scanners that have successfully scanned the Core Image asset. As the core image can be scanned by multiple scanners, the values are stored as a concatenated string of all scanner types. If no scanner data exists for an asset in the database, the default value is an empty array. This column is hidden from the default view. Note: The data in the Scanners column is accurate only for Core Image assets. Ignore the Scanners value for assets categorized as Registry, Build, or Runtime images, as it may not reflect an accurate scan status. |
| Last Scan | The Last Scan time reflects the most recent scan across all scanners for a Core Image. If no scan data is available in the database for the core image, the default value is 0. This column is hidden from the default view. Note: The Last Scan value is only accurate for Core Image assets; ignore the Last Scan values for Registry, Build, and Runtime images, as they may be incorrect. |
VM images asset details
The VM image asset card provides a unified view of a VM image, consolidating VM details and related configuration issues and vulnerabilities found during VM image scanning.
In the VM Images table, right-click a VM image, select Open in Agentic Assistant, and then select Application Security from the agents menu to query insights specific to that VM image. This action is also available from the VM image side panel.
Overview tab: Displays a high-level summary of the VM image including OS details, findings, cases, VM scan information, and the relationship graph between the VM instance and the VM image.
Note
If the VM image is not used to create any VM instance, the graph section will show no results. This feature enables you to precisely identify the registry and repository source of any running image, directly linking runtime security findings to their origin. As a result, you can answer audit and security questions, such as determining which registry images are currently deployed in runtime.
Configurations tab: Lists all the cloud configuration issues found during VM image scanning. The Asset Configuration JSON section provides details of the VM image in JSON format.
Vulnerabilities tab: Lists the vulnerability findings from VM image scans, as well as the packages with related vulnerabilities found during those scans.