Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Activating Vulnerability Management (VM)

Written by
Updated at March 26, 2026

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Vulnerability Management enables you to centrally manage container image vulnerability scanning and view scan results within your workspace.

To get started with Vulnerability Management:

  1. Create a service account Vulnerability Management will use to view the info on Container Registry and Cloud Registry registries and Managed Service for Kubernetes clusters.

  2. Assign to the service account the security-deck.worker role for the organization, cloud, or folder.

    Note

    Vulnerability Management will only have access to resources residing in the relevant organization, cloud, or folder.

    If you have assigned the role for a particular folder, the service account will also need the auditor role for the cloud.

  3. Create a Security Deck workspace configured as follows:

    • In the connector settings under Resources:

      • Select the service account you created earlier.
      • Specify the clouds and folders you want to monitor for container image vulnerabilities.

    • In the Security compliance section, select Vulnerability Management under Control modules.

  4. Complete Vulnerability Management setup:

    1. Click Workspace parameters on the new workspace page.

    2. Go to the Vulnerability management tab.

    3. Under Scope of control, select the clouds, folders, or individual registries within the workspace resources for vulnerability detection and control.

      The following options are available:

      • All registries in the workspace: Scan every Container Registry and Cloud Registry in the selected clouds and folders.
      • Only registries in the selected location: Scan registries only in the specified clouds or folders.
      • Only images running in Managed Service for Kubernetes clusters: Scan only images deployed in Managed Service for Kubernetes clusters. This requires Kubernetes® Security Posture Management to be on.

    4. Under Periodic vulnerability search in registries, enable regular scanning of images in registries to detect vulnerabilities discovered after the images get published.

    5. Under Searching for vulnerabilities when adding images to registries, enable scanning of images newly added to registries to detect known vulnerabilities in the supply chain.

      Note

      Vulnerability scanning of newly added images is only available in Cloud Registry.

    6. Click Save and confirm the action.

Tip

To stop image scans, delete the Security Deck workspace or disable Vulnerability Management in the workspace settings.

Previous
Overview
Next
Working with a dashboard