Automatic Docker image scan on push
Written by
Updated at April 28, 2026
Note
You can enable auto scans of Docker images for vulnerabilities on push to Yandex Container Registry in the vulnerability scanner settings without creating any Yandex Cloud Functions functions and triggers.
In this tutorial, you will create a Container Registry registry to store a Docker image. You will also set up automatic scanning for vulnerabilities on push to the registry. A Cloud Functions trigger will track changes to the registry and invoke a function to start scanning when you push a Docker image to the registry.
To set up and run Docker image vulnerability scanning on push to Container Registry, use the following tools:
- Yandex Cloud management console, CLI, and API: Use one of these methods to create your infrastructure step by step.
- Terraform: Streamline creating and managing your resources using the infrastructure as code (IaC) approach. Download a Terraform configuration example from the GitHub repository and then deploy your infrastructure using the Yandex Cloud Terraform provider.