As part of managing vulnerabilities on your system, integrate Sysdig Secure with your container registry to add a layer of defense between pipeline and runtime and enhance defense depth. This page describes how to use the Vulnerability scan results found on the container registry.

Registries are a fundamental stage in the lifecycle of container images. Container registries accumulate large amounts of images, some of which are obsolete or no longer suitable for runtime, and registry scanning provides the necessary security to avoid degradation of the posture.


Install and configure the registry scanner on various private registries. For information, see: Install Container Registry Scanning

Registry Scanning Results

Landing Page

  1. Ensure that the registry scanner is installed and at least one scheduled scan job is completed.

  2. Log in to Sysdig Secure and go to Vulnerabilities|Registry Landing Page to see the overview of all registries where a scanner is installed.

    The interface mirrors the pipeline and runtime interfaces where you can:

    • Browse or search registries or repos.
    • Search by image or tag.
    • Review detected vulns by severity and exploit status.
  3. Select an image to access the detail panels.

Detail Panels

Overview Tab

This section focuses on the package view and filters for those that are fixable. You can click on the cells to view the Vulnerabilities list.

Vulnerabilities Tab

Use the expanded filters and clickable list of CVEs to view complete CVE details, including source data and fix information.

The same security finding (for example, a particular vulnerability) can be present in more than one rule violation table if it violates several rules.

Suggested Usage

Use the filters to find, for example, vulnerabilties with:

Severity Critical, Has Fix, Exploitable

Content Tab

You can view data organized by package view, with expanded filters and clickable CVE cells.

Suggested Usage

Check for the software packages that are most dangerous.

Accept Risk: Registry

In this release of Registry Scanner, Policies and Accept Risk are not yet implemented.

Next Steps

Generate a registry report