We are very happy to announce the availability of FOSSA Container Scanning. With Container Scanning, you can now shift left your security posture by scanning and identifying vulnerability and license risks in your container images.

Containers have allowed teams to build fast, achieve greater efficiencies, and operate at an exceptional scale. As a result, we have seen more and more workloads being migrated to containers over the past few years, with usage only expected to grow further. With containers becoming an increasingly key part of open source usage, organizations have to ensure their container images are as secure as possible before being deployed into production.

With FOSSA Container Scanning, you’ll be able to:

  • Identify vulnerabilities in your rpm, apk, and deb packages
  • Inventory the licenses in your container images
  • Get developer-friendly reporting, including layer differentiation between base image vs. non-base image layers for identified packages

Below are a few examples of what you can expect when using FOSSA Container Scanning.

[Screenshots: base layer dependency; container image scanning results; actionable scanning results]

FOSSA Container Scanning currently supports Alpine, BusyBox, CentOS/Red Hat, Debian, and Ubuntu Linux system-level packages in Docker and OCI container images.

Learn more about our container functionality and how FOSSA can enable you to identify and remediate license and security risk in your open source by requesting a quick demo.