Malicious Packages in Mend Container

Overview

Container malicious package detection follows the same conceptual model as SCA, providing the same end-to-end protection and workflows currently available for open-source dependencies.

This enables users to detect, assess, and respond to malicious packages embedded within container layers, ensuring consistent security coverage and visibility across all deployment artifacts.

Key Features

  • Malicious package detection occurs at scan time.

  • Malicious package events will be created in the Mend Platform when applicable.

  • Malicious package events will be denoted by an MSC finding, consumable via UI, API, and notifications (where paplicable).

image-20260706-095925.png

The Container MSC Banner

image-20260706-100327.png
  • A Container MSC banner appears at the top of the platform UI whenat least one active malicious container finding exists in the organization.

  • The count N in the Container banner reflects the total number of active malicious container findings org-wide, scoped to the current user's accessible applications.

  • When both Dependencies and Container MSCs are present, both banners are shown simultaneously, with the Dependencies banner stacked above the Container banner.

  • Clicking “View Affected Applications” / "View Malicious Packages" on the Containers banner navigates to the Applications view pre-filtered to Scan Engine: Containers + Risk Factors: Malicious.

  • The banner reappears on the next session if the underlying findings persist.