How Container Registry Scanning Works - Administrator Guide - Cortex XSIAM - Cortex

How Container Registry Scanning Works - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-11

Category

Administrator Guide

The process of container registry scanning consists of three key phases: discovery, scanning, and evaluation.

Discovery: The connector discovers all registries, repositories, and tags within the account.
Scanning: The connector extracts software bills of materials (SBOMs), malware indicators, and secrets from each image.
Evaluation: Scan results are evaluated for vulnerabilities, malware, and secrets, and asset findings are created accordingly.