© 2025 Direct Cursus Technology L.L.C.
Vulnerability scanner

Written by
Yandex Cloud
Updated at April 18, 2025

Vulnerability scanner is a service that enables you to:

  • Statically analyze a Docker image for vulnerabilities in components, libraries, and dependencies used in the Docker image.
  • Compare Docker image contents with the CVE vulnerability databases.

Vulnerability scanner only works with Docker images from Container Registry. Users can only scan Docker images they have permissions for.

For scanning, a Docker image is unpacked, and a search is performed for installed package versions (deb). The package versions identified are then checked against a database of known vulnerabilities.
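
The flow described above (read the installed package versions from the unpacked image, then compare them with known-vulnerable versions), as an added example that is not Yandex Cloud's scanner code. It parses a constructed dpkg status file and flags packages older than the first fixed version in a constructed advisory list, using Debian version ordering; the package data, advisory IDs, and function names are assumptions made for illustration.

```python
import re
# Constructed inputs (not real scan data): a dpkg status file and an advisory feed.
DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 1.1.1n-0+deb11u3

Package: zlib1g
Status: install ok installed
Version: 1:1.2.11.dfsg-2+deb11u2

Package: curl
Status: deinstall ok config-files
Version: 7.74.0-1.3
"""
ADVISORIES = [  # (package, placeholder advisory ID, first fixed version)
    ("openssl", "CVE-PLACEHOLDER-1", "1.1.1n-0+deb11u4"),
    ("zlib1g", "CVE-PLACEHOLDER-2", "1:1.2.11.dfsg-2+deb11u1"),
    ("curl", "CVE-PLACEHOLDER-3", "7.74.0-1.3+deb11u1"),
]

def installed_packages(status_text):
    """Return {name: version} for stanzas whose Status ends in 'installed'."""
    pkgs = {}
    for stanza in status_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Status", "").endswith(" installed"):
            pkgs[fields["Package"]] = fields["Version"]
    return pkgs

def _part_key(part):
    """dpkg ordering: '~' < end of string < letters < other symbols; digits numeric."""
    order = lambda c: -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
    key = []
    for text, digits in re.findall(r"(\D*)(\d*)", part):
        key += [[order(c) for c in text] + [0], int(digits or 0)]
    return key

def version_key(version):
    """Sortable key for a Debian version string [epoch:]upstream[-revision]."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return (int(epoch), _part_key(upstream), _part_key(revision))

def find_vulnerable(status_text, advisories):
    """List (package, installed version, advisory ID) where installed < fixed."""
    pkgs = installed_packages(status_text)
    return [(name, pkgs[name], adv) for name, adv, fixed in advisories
            if name in pkgs and version_key(pkgs[name]) < version_key(fixed)]
```

Only `openssl` is reported: `zlib1g` is already past its fixed version, and `curl` is skipped because its stanza is not in the installed state.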

Currently, scanning is supported for Docker images built on the following operating systems:

  • Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.19, 3.20
  • Amazon 2 (Karoo)
  • CentOS 5, 6, 7, 8
  • Debian 7, 8, 9, 10, 11
  • Redhat 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.8, 9.0, 9.1
  • Ubuntu 14.04, 16.04, 18.04, 20.04, 20.10, 21.04, 21.10, 22.04, 24.06

Note

Scanning Docker images for vulnerabilities is charged.

Types of scanning

You can scan Docker images pushed to a registry for vulnerabilities:

  • Manually: A scan is run by the user.
  • On push: Docker images are scanned automatically on push.
  • On schedule: Docker images are scanned automatically according to a user-defined schedule.

Use cases

  • Scanning vulnerabilities during continuous deployment of Managed Service for Kubernetes applications using GitLab
  • Storing Docker images created in Yandex Managed Service for GitLab projects
