Registry

As part of managing vulnerabilities on your system, integrate Sysdig Secure with your container registry to add a layer of defense between pipeline and runtime and enhance defense depth. This page describes how to use the Vulnerability scan results found on the container registry.

Registries are a fundamental stage in the lifecycle of container images. Container registries accumulate large amounts of images, some of which are obsolete or no longer suitable for runtime, and registry scanning provides the necessary security to avoid degradation of the posture.

Sysdig’s Vulnerability Management cycle and the benefits of scanning in all three phases

Prerequisites

Install and configure the registry scanner on various private registries. For information, see: Install Container Registry Scanning

Registry Scanning Results

Landing Page

Ensure that the registry scanner is installed and at least one scheduled scan job is completed.
Log in to Sysdig Secure and go to Vulnerabilities|Registry Landing Page to see the overview of all registries where a scanner is installed.
The interface mirrors the pipeline and runtime interfaces where you can:
- Browse or search registries or repos.
- Search by image or tag.
- Review detected vulns by severity and exploit status.
Select an image to access the detail panels.

Detail Panels

Overview Tab

This section focuses on the package view and filters for those that are fixable. You can click on the cells to view the Vulnerabilities list.

Vulnerabilities Tab

Use the expanded filters and clickable list of CVEs to view complete CVE details, including source data and fix information.

The same security finding (for example, a particular vulnerability) can be present in more than one rule violation table if it violates several rules.