Working with Containers

A container packages a software application and may contain all of the code, runtime, system tools, and libraries needed to run the application.

Using containers to manage application deployment is growing rapidly, but container hosts may be packed with risk. Nexpose provides visibility into container hosts and the containers deployed on those hosts.

You can use Nexpose to:

  • Discover which assets are acting as container hosts in your environment.
  • Increase the visibility of where your container hosts live so you can manage your container problems.
  • Identify your running or stopped containers.
  • Identify container hosts that do not comply with CIS benchmarks for common OSes or with the official Docker CIS benchmark.

Discovering containers

If you use containers in your environment, Nexpose will identify containers as part of your normal scanning process so that you can see where your hosts live and begin to manage your container issues when necessary.

Use the Asset details page to view your containers on a specific host.

Searching for containers

Use the Filtered Asset Search to search for containers. You can also search by container status and container image.

Scope of capability

Support for containers in Nexpose consists of search and discovery through scanning. Discovered containers are managed in much the same way as installed software or services discovered on assets within your network.

Additional features such as assessment of vulnerable images, registry pull support, dedicated container dashboard customization, and package/layer level risk assessment are only available through InsightVM.