You can scan container images by specifying the container image name. Currently, it supports AWS and GCP DockerRegistry.
As of June 2022, trivy integration is recommended for vulnerability scanning of container images in terms of detection accuracy and performance, rather than ECR/GCR integration.
Container image scanning is performed around 2:00 or 18:00 am JST every morning. You can also manually scan from the server detail screen.
If the Amazon ECR image scan setting is enhanced scan, updates to existing AWS authentication settings may be required. Refer to Policy used by FutureVuls and add inspector2:ListCoverage
and inspector2:ListFindings
as Action
to FutureVulsAssumeRole
IAM Policy.
Only vulnerabilities with a status of ACTIVE
in Amazon ECR scan results are linked to FutureVuls (SUPPRESSED
and CLOSED
are not linked).
After completing the settings in ECR, register the container image on FutureVuls.
When the image registration is complete, the “Manual scan” button will be displayed on the server detail tab. When the scan is executed, vulnerabilities and tasks are created in the same way as with a normal server.
After setting up GCR, register the container image on FutureVuls.
When image registration is complete, the “Manual scan” button will appear in the server’s detailed tab. When the scan is performed, vulnerabilities and tasks will be created just like with a regular server.