Skip to main content
Skip table of contents

Container Image Scans - Registry vs. Pipeline

Introduction

Mend offers two ways of scanning Container Images, with the Mend CLI, and with the Container Registry Integration. There are pros and cons to each, and knowing these is crucial to finding the correct way to scan for your images for your needs.

Pipelines

Scanning in the Pipeline is best used when a user desires to have image scan results in the same Mend project as SCA and SAST Results. This allows users to get Operating System vulnerabilities from the images that they typically ship.

Pros

Cons

Scan with the Mend CLI which can be executed in conjunction with other SCA/SAST Scans

Must scan 1 image at a time.

Ability to scan directly into the desired product/project

Need to login to scan images in a private registry

The ability to scan exported images in TAR archive format

The ability to export reports at the end of each scan.

How to implement

Please follow the steps in Scanning Your Applications in the Pipeline. SCA and SAST scans can be ignored if you are using the Mend Repository Integration.

Registry Integration

The Registry Integration scans all images in a private registry. The scans are triggered on Demand from the Mend UI or scheduled. The Registry Integration is a great option to monitor overall health of all images in the registry.

Registry Integration currently supports the following registries:

  • Amazon ECR

  • Microsoft Azure ACR

  • Docker Hub (Private Cloud)

  • Jfrog Artifactory Cloud

Pros

Cons

On-Demand Registry scans

Scans all images into one application on the Mend Platform as opposed to mapping the images to appropriate applications.

Scans images in a registry in bulk

Runs on a cron schedule configurable in the integration settings

How to implement

Please follow the steps in Integrate your Container Image Registries into Mend Container.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.