Source
Commit, repository, owner, dependency manifests, build definition, and approved branch.
Cloud workload vulnerability scanning is credible only when your team can prove which image digest was assessed, which digest was deployed, where it is running, what the scanner could inspect, and which risks remain outside image-package analysis.
“The image was scanned” is not closure. The defensible statement is: the exact immutable artifact running in the approved environment was assessed with known coverage, prioritized in context, remediated or governed, and verified again.
A tag can move. A build can change. A multi-architecture manifest can resolve differently. The evidence chain should preserve the identity of the artifact as it moves through controls.
Commit, repository, owner, dependency manifests, build definition, and approved branch.
Builder identity, base image, packages, architecture, SBOM, signatures, and attestations.
Repository, immutable digest, tag history, scan status, timestamps, and retention policy.
Policy result, exception, signature decision, environment, and deployment authorization.
Cluster, namespace, workload, pod or task, node, account, region, and active digest.
Rebuilt artifact, new digest, rollout proof, old-instance removal, and verified risk disposition.
Kubernetes documents why a digest identifies a specific image version, while a mutable tag can later point to different code. Use the digest as the join key across build, registry, admission, inventory, findings, tickets, and rescan evidence.
The tag helps people recognize a release; the digest proves which bytes were assessed and deployed. Do not treat one as a substitute for the other.
For multi-architecture images, identify the manifest and architecture-specific image that each runtime pulled. Coverage for one platform does not prove coverage for another.
Find running images absent from the approved registry, stale workloads using older digests, sidecars and add-ons outside the release pipeline, and images that escaped the normal gate.
A clean replacement image does not reduce exposure if vulnerable replicas, jobs, nodes, serverless revisions, cached tasks, or rollback targets still execute the old digest.
NIST SP 800-190 describes security concerns across the container technology stack. A practical program needs several coordinated lenses because each one answers a different question and produces a different kind of evidence.
Operating-system and language packages, versions, dependency paths, known vulnerabilities, secrets where supported, malware where supported, licenses, and unsupported software.
Source-to-build relationship, base-image origin, reproducibility, builder identity, SBOM quality, signatures, attestations, and protected pipeline controls.
Repository scope, push and rescan behavior, retention, immutability, cross-account copies, private-registry access, stale results, and images outside supported repositories.
Privileged mode, capabilities, seccomp or equivalent, read-only filesystems, secrets mounts, service accounts, network policies, resource controls, and admission decisions.
Node operating systems, managed control planes, cloud IAM, registry permissions, KMS, logging, private endpoints, cluster configuration, and account-level exposure.
Executed binaries, unexpected process trees, file changes, network connections, credential access, exploit behavior, drift, and active attack signals.
Use this matrix during architecture review, scanner evaluation, control testing, and incident follow-up.
The full matrix remains available inside this scroll frame. Use the visible right and bottom scrollbars to review every column.
| Control question | Strong evidence | Common false confidence | Additional control | Closure proof |
|---|---|---|---|---|
| Which artifact was assessed? | Digest, registry path, manifest architecture, scan engine, rule/feed version, scan time, and status | Only a mutable tag, screenshot, or release name | Build provenance and registry API evidence | Finding and deployment records join on the same digest |
| What packages were inspected? | Inventory/SBOM, supported package ecosystems, file paths, layers, and unrecognized content | Assuming “scan completed” means every file and package was understood | Coverage test images and independent inventory comparison | Known supported and excluded content documented |
| Is the image running? | Runtime inventory mapped to cluster, namespace, workload, account, region, and digest | Prioritizing every registry finding as production exposure—or ignoring unused artifacts entirely | Registry-to-runtime reconciliation | Active and non-active artifact states recorded with owner and environment |
| Is the workload securely configured? | Live manifest, policy evaluation, effective service account, privilege, mounts, network and secret configuration | Equating a package-only image scan with workload hardening | Kubernetes/cloud posture assessment and manual review | Effective configuration rechecked after deployment |
| Is the host layer covered? | Node/host inventory, OS vulnerability status, control-plane responsibility, patch state, and exceptions | Assuming the managed platform removes every host responsibility | Cloud-native host assessment and provider responsibility mapping | Affected node pool rebuilt, patched, or governed and rescanned |
| Was the vulnerable code executed? | Reachability analysis where reliable, runtime telemetry, process/network evidence, and application context | Calling a package present “exploited,” or calling it safe solely because execution was not observed | Application testing and threat detection | Risk decision cites reachability limits and runtime evidence |
| Did remediation reach production? | New digest, deployment rollout, replica/task/revision inventory, and removal of the old digest | Closing when a pull request merges or a new image reaches the registry | Deployment and configuration validation | Targeted rescan plus runtime inventory proves the replacement is active |
| Can the old image return? | Rollback targets, cached jobs, dormant revisions, autoscaling templates, recovery artifacts, and registry retention | Checking only currently healthy replicas | Rollback and disaster-recovery review | Old digest blocked, removed, or explicitly governed |
Cloud-native capabilities change. Confirm the current product documentation, account configuration, service tier, permissions, supported registries, package ecosystems, and data freshness rather than assuming a checkbox creates complete coverage.
Microsoft documents separate requirements for registry image assessment and vulnerability assessment of running images. It also identifies limitations such as an unscanned container runtime layer and conditions that can cause partial results.
Review supported Defender for Containers assessment behavior
AWS distinguishes basic ECR scanning from Amazon Inspector enhanced scanning. Enhanced scanning can cover operating-system and programming-language packages and can operate continuously when configured for the repository.
Google Artifact Analysis scans container dependencies and continuously updates findings within documented activity windows. Security Command Center can add workload and runtime context depending on the enabled service and tier.
This fictional example shows how a finding should move across engineering, cloud operations, security, and evidence records.
A screenshot of a clean dashboard is not enough. The record should remain useful after tags move, tools change, staff rotate, or an auditor asks how coverage was established.
Cloud account/subscription/project, region, registry, repository, cluster/service, namespace, workload, environment, business owner, technical owner, and criticality.
Digest, tag history, manifest architecture, source commit, build, base image, SBOM, signature/attestation, and registry timestamps.
Scanner, engine/rules/feed version, scan trigger, time, supported content, exclusions, errors, result status, and freshness.
Running workload count, public reachability, privileges, service account, data sensitivity, network path, exploit evidence, and compensating controls.
Owner, due date, rebuilt digest, deployment change, exception approval, expiry, mitigation, rollback treatment, and implementation evidence.
Targeted rescan, runtime reconciliation, old-digest removal, remaining risk, future-rescan trigger, and conditions that reopen the finding.
Use CVSS, EPSS, KEV, exposure, and business context to build the remediation queue. Then apply a governed remediation SLA with rescan and closure evidence.
Package analysis cannot validate authorization, business logic, exposed routes, or runtime application behavior. Use web application and API vulnerability scanning where the workload exposes an application interface, and validate the scan report’s scope, health, and evidence before accepting its conclusions.
No. Image scanning primarily analyzes content packaged in an image. Cloud workload vulnerability scanning should connect that artifact to the environment where it runs and add configuration, identity, host, cloud-control-plane, application, and runtime evidence appropriate to the platform.
A tag is a human-friendly pointer that can later move to another image. A digest identifies specific image content. Record both, but use the digest to prove which artifact was scanned, admitted, deployed, remediated, and rescanned.
Not by itself. Prove the running workload uses the scanned digest, confirm the correct architecture, review scan freshness and limitations, and assess deployment settings, host/cloud controls, application behavior, secrets, and runtime risk that a package scan cannot cover.
Scan during the build or before admission, on registry push where supported, and continuously or on a defined cadence as new advisories appear. Trigger additional scanning when the base image, package inventory, threat intelligence, production exposure, platform configuration, or tool coverage changes.
Closure should identify the replacement digest, targeted rescan result, deployment rollout, runtime inventory, treatment of old images and rollback targets, remaining exceptions, and any conditions that would reopen the finding. A merged pull request or retagged image is not sufficient proof.
Do not assume so. Supported registries, package types, architectures, runtime services, activity windows, permissions, tiers, and limitations vary. Build a requirements matrix, test representative artifacts and workloads, and document the controls used to cover each gap.
OC Security Audit can review registry and runtime coverage, artifact identity, scan configuration, cloud-control gaps, prioritization, exceptions, and closure evidence—so leaders know what was assessed, what is actually running, and what needs action first. The review is guided by Ali Hassani, CISO, with 25+ years of IT, cybersecurity, cloud, network, and compliance experience.