Registries are a fundamental stage in the lifecycle of container images. Container registries accumulate large amounts of images, some of which are obsolete or no longer suitable for runtime, and registry scanning provides the necessary security to avoid degradation of the posture.
- Sysdig’s Vulnerability Management cycle and the benefits of scanning in all three phases
Install and configure the registry scanner on various private registries. For information, see: Install Container Registry Scanning
Registry Scanning Results
Ensure that the registry scanner is installed and at least one scheduled scan job is completed.
Log in to Sysdig Secure and go to
Vulnerabilities|RegistryLanding Page to see the overview of all registries where a scanner is installed.
The interface mirrors the pipeline and runtime interfaces where you can:
- Browse or search registries or repos.
- Search by image or tag.
- Review detected vulns by severity and exploit status.
Select an image to access the detail panels.
This section focuses on the package view and filters for those that are fixable. You can click on the cells to view the Vulnerabilities list.
Use the expanded filters and clickable list of CVEs to view complete CVE details, including source data and fix information.
The same security finding (for example, a particular vulnerability) can be present in more than one rule violation table if it violates several rules.
Use the filters to find, for example, vulnerabilties with:
Critical, Has Fix, Exploitable
You can view data organized by package view, with expanded filters and clickable CVE cells.
Check for the software packages that are most dangerous.
Accept Risk: Registry
In this release of Registry Scanner, Policies and Accept Risk are not yet implemented.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.