The Container Images asset inventory provides a centralized view of all scanned container images and their details across your environments, enabling efficient tracking and management to ensure compliance with security and governance standards.
Container Images are fundamental, immutable assets that package applications and their dependencies for consistent deployment across cloud environments. Each image is uniquely identified by a SHA256 digest, ensuring content verifiability throughout its lifecycle across build, deploy, and run stages. You can assign multiple names and tags to a single container image, allowing you to reference the same image in various contexts and versions within container registries.
Container images are represented as different asset types based on where they exist in the lifecycle. Understanding these types helps you investigate findings, track lineage, and apply policies effectively. You can also use this information to:

- query assets by image type using graph searches or XQL
- group assets based on image classification
- apply cloud workload policies to monitor and protect your environment
The following table summarizes each container image type, its purpose, and key characteristics to help you effectively manage container images.
| Image Type | Description | Key Characteristics |
|---|---|---|
| Core Image | Represents the immutable content of the container image. | Purpose; Properties; Relationships with other image types; User Interaction |
| Build Image | Represents a container image created from a CI/CD pipeline or build processes. | Purpose; Properties; Relationships with other image types; User Interaction |
| Registry Image | Represents a container image stored within a container registry (for example, AWS ECR, Azure ACR, Google GAR, JFrog Artifactory, Docker). | Purpose; Properties; Relationship with other image types; User Interaction |
| Runtime Image | Represents container images stored, running, or defined in a workload asset (such as VMs, Kubernetes workloads). | Purpose; Properties; Relationships with other images; User Interactions |
To access container image assets, go to Inventory and select → → .
The Container Images assets page includes a dashboard with OS Distro, OS Version, and Base Image widgets displayed by default, and an inventory table. Selecting a widget automatically filters the inventory table based on the widget's criteria.
The inventory table includes the following fields. You can filter results by any heading and value:
| Field | Description |
|---|---|
| Asset ID | A unique identifier assigned to the image. |
| Provider | The provider that hosts cloud assets, such as AWS, Azure, Docker, GCP, JFrog Artifactory, OCI, and Not Applicable (for core images). |
| Asset Type | The type of container image: Core Image, Build Image, Registry Image, or Runtime Image. |
| Name | The container image name. |
| Image Type | Image file format. For example, Docker and OCI formats. |
| Image Identifier | A unique identifier assigned to a specific version of a container image, used to distinguish it from other images and ensure consistency across deployments. |
| Names | Aggregation of all the observed image names over time. |
| Realms | Indicates which connector the registry belongs to. For managed registries (such as ECR, GAR, and ACR), this field shows the CSP account. |
| SDLC Stages | Shows the SDLC stage when the image was created. For example, Runtime. |
| Base Image | Displays the number of images derived from the base image. For example, Base image \| 2 indicates there are two images derived from it. |
| Tags | Labels assigned to container images to identify and reference specific versions or variants. |
| Digest | A unique, content-based SHA256 hash that immutably identifies a specific container image version. |
| Architecture | The CPU architecture for which the container image is built. For example, amd64, arm64, x86. |
| Image OS | The base operating system environment version the container image uses. For example, 12.10. |
| OS Distribution | The operating system (OS) distribution name. For example, Debian. |
| Operating System | Operating system details of the image. For example, Linux. |
| OS Version | The version or release number of that OS distribution. For example, 20.04 for Ubuntu. |
| OS Concat | Shows the combined values of OS distribution and OS version. For example, Debian 11 or Debian bookworm. |
| Size | Size of the container image in bytes. |
| First Observed | Timestamp of when the image was first observed by the source that reported it. |
| Last Observed | Timestamp of when the image was last observed by the source that reported it. |
| Scanners | List of scanners that have scanned the container image. Because a container image can be scanned by multiple scanners, the values are stored as a concatenated string of all scanner types. If no scanner data exists for an asset in the database, the default value is an empty array. This column is hidden from the default view. |
| Last Scan | Timestamp of the most recent scan of the container image, considering all scanners that have scanned it. If no scan data exists in the database for the container image, the default value is 0. This column is hidden from the default view. |
On the Container Image page, select an asset in the inventory table to open a detailed Asset card, which provides additional, in-depth information about the asset. The information is organized into tabs, including an Overview tab (displayed by default) that provides highlights and a general summary, while contextual tabs focus on particular properties of the asset. The card also includes details about detected risks, allowing you to explore them directly from the asset inventory. You can also perform actions on the asset using the Actions menu.
The Overview tab summarizes container image Highlights, Properties, Scan information details, and Relationships between the current image and its Core Image.
Highlights include:

- Critical/High issues: An aggregation of critical and high issues associated with the container image. Clicking this property redirects you to the Issues page, filtered by the specific asset and severity level.
- Visibility timeline: When the container image was first and last detected.

Properties include:

- Identifying information and cloud location of the container image: Name, ID (such as ARN in AWS), cloud Provider, cloud Region, and Account ID.
- Additional details: Asset category, Asset Groups, Image Digest, Base image name along with its URL (if present), and Image name.

OS/ARCH includes:

- OS information: OS-related information for the container image, such as OS distro, OS release, size in bytes, operating system, Docker Labels, and the type of architecture the image is compatible with.

Scan information includes:

- Information about the last scan, including scanner name, version, and scan status for vulnerabilities, compliance, secrets, and malware.

Relationships include:

- Information about how each logical image (Build, Registry, Runtime) is linked to the Core Image it represents, ensuring that any findings related to the Core Image are contextualized within the scope of the logical images.
This feature enables you to precisely identify the registry and repository source of any running image, directly linking runtime security findings to their origin. As a result, you can rapidly answer complex audit and security questions, such as determining which registry images are currently deployed in runtime. You can also associate images with specific base images used within your organization by defining Base Images rules. This provides clearer visibility into image lineage and simplifies investigation workflows.
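The lineage described above rests on the content digest: tags and names are mutable labels, while the SHA256 digest identifies the Core Image that every Build, Registry and Runtime reference points at. The following added example (not the product's own code) parses image references in the common `[registry/]repository[:tag][@sha256:<hex>]` form, groups observations by digest, and answers the audit question from the text, which registry images are currently running. The observation records, the `stage` field and the `docker.io`/`library/` normalization rules are assumptions made for the example.

```python
"""Link Build, Registry and Runtime image references to their Core Image by digest.

Added example; it is not code from the product described on this page.
Assumptions: references use the [registry/]repo[:tag][@sha256:<hex>] form, and every
observation carries the SDLC stage ("Build", "Registry", "Runtime") that reported it
plus the digest the scanner measured for that image.
"""
import re
from collections import defaultdict

_DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def parse_reference(ref):
    """Split an image reference into registry, repository, tag and digest.

    Follows the usual Docker rule: the first path component is a registry only if it
    contains '.' or ':' or is 'localhost'; bare names default to docker.io/library.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not _DIGEST_RE.fullmatch(digest):
            raise ValueError(f"malformed digest in {digest!r}")
    # A ':' after the last '/' separates a tag; a ':' before it is a registry port.
    tag = None
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    parts = ref.split("/")
    registry = "docker.io"
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
    repo = "/".join(parts)
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo
    if tag is None and digest is None:
        tag = "latest"  # an unpinned, untagged reference means :latest
    return {"registry": registry, "repository": repo, "tag": tag, "digest": digest}


# Constructed sample observations (not real scan data). The same content digest is
# seen at Build time, twice in an ECR registry under different tags, and at Runtime.
_D1 = "sha256:" + "a1" * 32
_D2 = "sha256:" + "b2" * 32
_D3 = "sha256:" + "c3" * 32
OBSERVATIONS = [
    {"stage": "Build", "reference": "ci-builder/app:build-412", "digest": _D1},
    {"stage": "Registry", "reference": "123456789012.dkr.ecr.us-east-1.amazonaws.com/app:1.4.2", "digest": _D1},
    {"stage": "Registry", "reference": "123456789012.dkr.ecr.us-east-1.amazonaws.com/app:latest", "digest": _D1},
    {"stage": "Runtime", "reference": "123456789012.dkr.ecr.us-east-1.amazonaws.com/app@" + _D1, "digest": _D1},
    {"stage": "Registry", "reference": "myregistry.example:5000/team/api:2.0", "digest": _D2},
    {"stage": "Runtime", "reference": "nginx:1.25", "digest": _D3},
]


def build_lineage(observations):
    """Map each Core Image digest to {stage: set of normalized names} that point at it."""
    lineage = defaultdict(lambda: defaultdict(set))
    for obs in observations:
        parsed = parse_reference(obs["reference"])
        if parsed["digest"] and parsed["digest"] != obs["digest"]:
            # A reference pinned to one digest but measured as different content must
            # never be merged silently; surface it instead.
            raise ValueError(f"digest mismatch for {obs['reference']}")
        name = f"{parsed['registry']}/{parsed['repository']}"
        if parsed["tag"]:
            name += ":" + parsed["tag"]
        lineage[obs["digest"]][obs["stage"]].add(name)
    return {digest: dict(stages) for digest, stages in lineage.items()}


def runtime_origins(lineage):
    """For every Core Image observed at Runtime, the registry names it is published under.

    An empty list means the running image has no known registry source, which is the
    case a reviewer wants to see first.
    """
    return {
        digest: sorted(stages.get("Registry", ()))
        for digest, stages in lineage.items()
        if "Runtime" in stages
    }


if __name__ == "__main__":
    for digest, origins in runtime_origins(build_lineage(OBSERVATIONS)).items():
        print(digest[:19], "->", origins or "no registry source observed")
```

Grouping by digest rather than by name is what makes the Registry-to-Runtime link reliable: the two ECR tags and the digest-pinned runtime reference collapse into one Core Image, while the bare `nginx:1.25` runtime image is reported with an empty origin list because no registry observation shares its digest.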
The SBOM tab displays details about the Software Bill of Materials (SBOM) generated by the scanning process. Exposed properties include Type, Name, Binary Packages, Version, Path, and License.
Export SBOM: You can export the entire SBOM, or selected attributes from any of the tabs in the expanded card. Select → . Supported formats: XML, JSON.
The Vulnerabilities tab provides inventories for Findings, Packages, and Layers, enabling you to assess potential risks and prioritize remediation efforts.
- Findings: Displays a list of findings, along with their associated CVE ID and description, EPSS score, CVSS score and severity, CVE risk factors, affected software, and fix versions, when available.
- Packages: Displays a list of packages with their name and version, the total number of vulnerabilities found within each package, a breakdown of vulnerabilities by severity level and count, their EPSS (Exploit Prediction Scoring System) score, which estimates the likelihood of exploitation, their CVSS (Common Vulnerability Scoring System) score, which rates the technical severity of the vulnerability, the package location, whether the vulnerability is inherited from the base image, and whether a fix is available.
- Layers: Displays the various layers and their contents within a container image.
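The Findings and Packages inventories expose exactly the fields a triage policy needs: CVSS for technical severity, EPSS for exploitation likelihood, whether a fix version exists, and whether the package comes from the base image. The following added example (not the product's code) applies one such policy to constructed findings: it separates vulnerabilities that can be patched in the image from those that require rebasing onto a newer base image or, lacking a fix, compensating mitigation, and it rolls findings up per package the way the Packages tab does. The CVE identifiers, package names, the 0.1 EPSS threshold and the score weights are all hypothetical.

```python
"""Prioritize container-image findings using CVSS, EPSS, fix availability and base-image origin.

Added example; not code from the product described on this page. The finding
records are constructed, the CVE IDs are placeholders, and the bucket rules and
score weights are a hypothetical remediation policy.
"""
EPSS_THRESHOLD = 0.1  # hypothetical: treat EPSS >= 10% as likely to be exploited
BUCKET_ORDER = {"patch-now": 0, "rebase": 1, "mitigate": 2, "backlog": 3}

# Constructed sample findings (placeholder CVE IDs, not real vulnerabilities).
FINDINGS = [
    {"cve": "CVE-EXAMPLE-0001", "package": "libalpha", "version": "1.0", "cvss": 9.8,
     "severity": "critical", "epss": 0.02, "fix_version": "1.0.1", "base_image": False},
    {"cve": "CVE-EXAMPLE-0002", "package": "libbeta", "version": "2.3.1", "cvss": 7.5,
     "severity": "high", "epss": 0.45, "fix_version": "2.3.4", "base_image": True},
    {"cve": "CVE-EXAMPLE-0003", "package": "libgamma", "version": "0.9", "cvss": 5.3,
     "severity": "medium", "epss": 0.001, "fix_version": None, "base_image": False},
    {"cve": "CVE-EXAMPLE-0004", "package": "libdelta", "version": "4.2", "cvss": 8.1,
     "severity": "high", "epss": 0.30, "fix_version": None, "base_image": False},
    {"cve": "CVE-EXAMPLE-0005", "package": "libalpha", "version": "1.0", "cvss": 9.1,
     "severity": "critical", "epss": 0.05, "fix_version": "3.0.0", "base_image": False},
]


def risk_score(finding):
    """Blend technical severity (CVSS, 0-10) and exploitation likelihood (EPSS, 0-1)."""
    return round(0.6 * finding["cvss"] / 10 + 0.4 * finding["epss"], 3)


def triage(finding):
    """Return (bucket, score) for one finding.

    patch-now: urgent and fixable by upgrading the package in the image's own layers
    rebase:    urgent and fixable, but the package is inherited from the base image
    mitigate:  urgent with no fix version; needs a compensating control
    backlog:   neither critical nor likely to be exploited
    """
    score = risk_score(finding)
    urgent = finding["epss"] >= EPSS_THRESHOLD or finding["severity"] == "critical"
    if not urgent:
        return "backlog", score
    if finding["fix_version"] is None:
        return "mitigate", score
    if finding["base_image"]:
        return "rebase", score
    return "patch-now", score


def prioritize(findings):
    """Order findings by bucket, then descending score, then CVE ID for a stable list."""
    def key(finding):
        bucket, score = triage(finding)
        return BUCKET_ORDER[bucket], -score, finding["cve"]
    return sorted(findings, key=key)


def package_summary(findings):
    """Roll findings up per package: total, count per severity, and fix availability."""
    summary = {}
    for finding in findings:
        entry = summary.setdefault(
            finding["package"],
            {"version": finding["version"], "total": 0, "by_severity": {}, "fix_available": False},
        )
        entry["total"] += 1
        entry["by_severity"][finding["severity"]] = entry["by_severity"].get(finding["severity"], 0) + 1
        entry["fix_available"] = entry["fix_available"] or finding["fix_version"] is not None
    return summary


if __name__ == "__main__":
    for finding in prioritize(FINDINGS):
        bucket, score = triage(finding)
        print(f"{bucket:9} {score:.3f} {finding['cve']} {finding['package']}")
```

The base-image flag changes the action, not the urgency: a finding in an inherited package is just as exploitable, but upgrading it in your own Dockerfile layer is usually undone by the next base-image refresh, so it is routed to a rebase instead of a local patch.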
The Compliance tab provides visibility into how an asset aligns with assigned security standards and individual controls. Use this tab to evaluate compliance posture and investigate specific control results.
- Overall Compliance Score: Displays the asset's compliance score, along with the number of standards and controls used in the assessment. Use this metric for a high-level view of how the asset aligns with evaluated standards.
- Controls by Status: Shows the distribution of controls across Passed, Failed, and Not Assessed. Click a specific status to filter the Standards and Controls data.
- Standards, Score, Controls Passed: Lists the standards by which the asset is assessed, including the score and passed control count for each.
- Controls Table: An exhaustive list of controls for which an asset may be assessed, including columns for Standard, Category, Control, Severity, and Status.