Image Vulnerability Scanning
Container image scanning
Image Vulnerability Scanning scans container images for known CVE vulnerabilities using multiple vulnerability databases, including NVD, Alpine SecDB, and Red Hat Security Data. The system integrates with popular container registries (Docker Hub, ECR, GCR, ACR, Harbor) and CI/CD pipelines for shift-left security. Prioritization is based on CVSS score, exploit availability, and runtime context.
Enterprise-grade protection compliant with regulatory requirements and security standards
Fast deployment with minimal resource overhead
Dedicated support from a certified partner
Easy integration with your existing infrastructure
Key features
- Scanning against more than 10 vulnerability databases, including NVD, Alpine SecDB, and Debian Security
- Native integration with Docker Hub, AWS ECR, Google GCR, Azure ACR, and Harbor registry
- CVE prioritization based on CVSS 3.1, exploit availability, and usage context
- Admission controller blocking deployment of images with critical vulnerabilities
- Generation of SBOM in SPDX and CycloneDX formats for software supply chain transparency
Business benefits
- Detection of vulnerabilities before production deployment (shift-left security)
- 80% reduction in alert noise through intelligent contextual prioritization
- Continuous scanning of images in the registry with alerts on newly discovered CVEs
- Compliance with software supply chain security requirements (SLSA, SSDF)
- Time savings for the security team through elimination of false positives
Why Armo?
The creator of Kubescape – the most popular open-source Kubernetes security tool. ARMO offers a comprehensive KSPM (Kubernetes Security Posture Management) platform that identifies misconfigurations, vulnerabilities, and compliance issues in K8s clusters.
Need Image Vulnerability Scanning in your organization?
As a certified Armo partner, we'll help you deploy and configure the solution.