Last Updated: 2025-05-27
Purpose
This article describes how to set up a Docker Image Discovery scan.
Introduction
A Docker image is a file used to execute code in a Docker container. Docker images act as a set of instructions to build a Docker container, like a template. Docker images also act as the starting point when using Docker. An image is comparable to a snapshot in virtual machine (VM) environments.
The Docker Image Discovery feature scans private Docker registries using the Docker Registry HTTP API V2 to enumerate images, capturing details like name, operating system, architecture, and size for latest tagged images. Integrated with OUTSCAN RC and a HIAB container inspection scanner, it catalogs Docker assets under the Cloudsec source filter in the Assets section. This tool is vital for organizations to maintain a clear inventory of container images, enhancing security and management of Docker environments.
Requirements
To access a private registry, a Docker account with its credentials is required.
When scanning a Docker image using OUTSCAN RC, a HIAB deployed as a container inspection scanner is required. For more information, see Use Appsec Scale with OUTSCAN RC
Run a Docker Image Discovery Scan
Prerequisite
Prior to running a Docker discovery, make sure you have created the Docker credentials.
Running the Scan
A Docker Registry discovery function retrieves image information from a private Docker Registry such as name, OS, architecture and size.
The discovery will only find Docker images with the latest tag to limit the number of Docker images and improve visibility.
To perform a Docker discovery:
-
Navigate to Configurations > Scan Configurations in the Main Menu.
-
Click on the
-
Select Docker image discovery.
-
Fill in the required information.
-
Select a scanner.
-
Click on ADD to save the newly created configuration.
-
Select the Scan configuration and click on the scan now
-
View the scan status under Scans in the Main Menu.
-
View the discovered assets, Docker images under Assets. They are shown in the list of assets with the filter 'source' set to Cloudsec, and the type set to Docker Image.
.png?cb=38425070d7725397b3359d8a9a1f5b73)
Related Articles
- Docker Image Assessment
- How to Scan AWS ECR Images
- Generate Azure Credentials
- Container Inspection - Azure
- Import Cloud Image on AWS
- Google Cloud Platform Credentials
- Microsoft Azure Credentials
- Azure Cloud Discovery
- Docker Credentials
- Amazon
- Cloud Discovery
- Scan a Docker Image
- Configure Application Gateway for HIAB on Azure
- Amazon Web Services Credentials
- Change Hard Drive Size on HIAB in Amazon Web Services
- Change Instance Type on HIAB on Amazon Web Services
- Cloud Discovery on HIAB
- Generate AWS Credentials
- Extend HIAB Disk Space on Azure
- AWS Scanning with OUTSCAN
- Cloud Assessment
- Generate GCP Credentials
- Google Registries Scanning with Container Inspection
- Deploy HIAB on Amazon Web Services
- Cloudsec Scan Configuration
- Docker Image Discovery
- Importing Tags for AWS Discovery
- Deploy HIAB on Microsoft Azure
- Vulnerabilities