{"id":187,"date":"2025-05-23T07:49:48","date_gmt":"2025-05-23T07:49:48","guid":{"rendered":"https:\/\/devsecopsschool.com\/blog\/?p=187"},"modified":"2025-05-23T07:49:48","modified_gmt":"2025-05-23T07:49:48","slug":"image-scanning-in-devsecops-a-comprehensive-tutorial","status":"publish","type":"post","link":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/","title":{"rendered":"Image Scanning in DevSecOps: A Comprehensive Tutorial"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Introduction &amp; Overview<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Image scanning is a cornerstone of DevSecOps, ensuring that container images used in software development and deployment are secure, compliant, and free from vulnerabilities. This tutorial provides an in-depth exploration of image scanning, its role in the DevSecOps lifecycle, and practical guidance for implementation. Designed for developers, security engineers, and DevOps professionals, it covers concepts, setup, use cases, and best practices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is Image Scanning?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Image scanning is the process of analyzing container images (e.g., Docker or OCI images) to identify security vulnerabilities, misconfigurations, and compliance issues. It examines the image\u2019s layers, dependencies, and configurations to detect known vulnerabilities (e.g., CVEs), outdated packages, or insecure settings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">History or Background<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Image scanning emerged in the early 2010s with the rise of containerization technologies like Docker. As containers became integral to microservices and cloud-native architectures, securing them became critical. Early tools like Clair (2015) and commercial platforms like Twistlock (now Prisma Cloud) pioneered image scanning, integrating it into CI\/CD pipelines. 
Today, it\u2019s a foundational practice in DevSecOps, driven by the need for rapid, secure software delivery.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why is it Relevant in DevSecOps?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In DevSecOps, security is embedded into every stage of the software development lifecycle (SDLC). Image scanning ensures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Early Vulnerability Detection<\/strong>: Identifies risks before deployment.<\/li>\n\n\n\n<li><strong>Compliance<\/strong>: Aligns with standards like CIS benchmarks or GDPR.<\/li>\n\n\n\n<li><strong>Automation<\/strong>: Integrates with CI\/CD for continuous security.<\/li>\n\n\n\n<li><strong>Risk Reduction<\/strong>: Mitigates supply chain attacks via dependency checks.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Core Concepts &amp; Terminology<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Key Terms and Definitions<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Container Image<\/strong>: A lightweight, portable package containing an application, its dependencies, and configurations.<\/li>\n\n\n\n<li><strong>CVE (Common Vulnerabilities and Exposures)<\/strong>: A standardized identifier for known vulnerabilities.<\/li>\n\n\n\n<li><strong>Image Layer<\/strong>: A read-only component of a container image, representing changes like added files or dependencies.<\/li>\n\n\n\n<li><strong>Vulnerability Database<\/strong>: A repository (e.g., NVD, OSV) listing known vulnerabilities.<\/li>\n\n\n\n<li><strong>SBOM (Software Bill of Materials)<\/strong>: A list of components in an image, used for transparency and security.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Term<\/th><th>Definition<\/th><\/tr><\/thead><tbody><tr><td><strong>CVE<\/strong><\/td><td>Publicly disclosed cybersecurity vulnerabilities<\/td><\/tr><tr><td><strong>Base Image<\/strong><\/td><td>The foundational image used to build 
application containers<\/td><\/tr><tr><td><strong>Layers<\/strong><\/td><td>Images are composed of stacked filesystem layers<\/td><\/tr><tr><td><strong>Registry<\/strong><\/td><td>A service to store and distribute container images (e.g., Docker Hub)<\/td><\/tr><tr><td><strong>SBOM<\/strong><\/td><td>Software Bill of Materials &#8211; detailed inventory of components<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">How It Fits into the DevSecOps Lifecycle<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Image scanning integrates into the SDLC as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Build Phase<\/strong>: Scans images during creation to catch vulnerabilities in base images or dependencies.<\/li>\n\n\n\n<li><strong>CI\/CD Pipeline<\/strong>: Automates scans in tools like Jenkins or GitHub Actions to enforce security gates.<\/li>\n\n\n\n<li><strong>Deploy Phase<\/strong>: Validates images before deployment to Kubernetes or cloud platforms.<\/li>\n\n\n\n<li><strong>Monitoring<\/strong>: Continuously scans running containers for new vulnerabilities.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Code \u2192 Build \u2192 Test (Scan Image) \u2192 Release \u2192 Deploy (Policy Gate) \u2192 Monitor<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Architecture &amp; How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Components and Internal Workflow<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">An image scanning system typically includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scanner Engine<\/strong>: Analyzes image layers (e.g., Trivy, Snyk).<\/li>\n\n\n\n<li><strong>Vulnerability Database<\/strong>: Provides CVE data for comparison.<\/li>\n\n\n\n<li><strong>Policy Engine<\/strong>: Enforces rules (e.g., block images with critical CVEs).<\/li>\n\n\n\n<li><strong>Reporting Module<\/strong>: Generates scan reports in JSON, HTML, or CLI formats.<\/li>\n<\/ul>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>Workflow<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The scanner pulls the image from a registry (e.g., Docker Hub).<\/li>\n\n\n\n<li>It unpacks layers to identify OS packages, libraries, and configurations.<\/li>\n\n\n\n<li>The scanner matches components against a vulnerability database.<\/li>\n\n\n\n<li>Results are evaluated against policies, and reports are generated.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture Diagram Description<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The architecture can be visualized as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong>Container Registry<\/strong> (left) feeds images to a <strong>Scanner Engine<\/strong> (center).<\/li>\n\n\n\n<li>The scanner connects to a <strong>Vulnerability Database<\/strong> (top) for CVE data.<\/li>\n\n\n\n<li>A <strong>Policy Engine<\/strong> (right) evaluates results and sends alerts\/reports to a <strong>CI\/CD Pipeline<\/strong> or <strong>Dashboard<\/strong> (bottom).<\/li>\n\n\n\n<li>Arrows show data flow: image to scanner, vulnerabilities to policy engine, and reports to pipeline\/dashboard.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>+-------------------+\n|   DevSecOps CI\/CD |\n+--------+----------+\n         |\n         v\n+--------+----------+       +------------------+\n|   Image Scanner   |&lt;-----&gt;| Vulnerability DB |\n+--------+----------+       +------------------+\n         |\n         v\n+--------+----------+\n|    Policy Engine  |\n+--------+----------+\n         |\n         v\n+--------+----------+\n|   Scan Reports    |\n+-------------------+<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Integration Points with CI\/CD or Cloud Tools<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Image scanning integrates with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CI\/CD Tools<\/strong>: Jenkins, GitHub Actions, GitLab CI (e.g., via plugins or 
CLI).<\/li>\n\n\n\n<li><strong>Container Registries<\/strong>: AWS ECR, Google Artifact Registry (e.g., native scanning).<\/li>\n\n\n\n<li><strong>Orchestrators<\/strong>: Kubernetes (e.g., admission controllers like Gatekeeper).<\/li>\n\n\n\n<li><strong>Cloud Platforms<\/strong>: AWS, Azure, GCP for runtime scanning.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Installation &amp; Getting Started<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Basic Setup or Prerequisites<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OS<\/strong>: Linux, macOS, or Windows with Docker installed.<\/li>\n\n\n\n<li><strong>Tools<\/strong>: Docker, a scanner (e.g., Trivy), and a container registry account.<\/li>\n\n\n\n<li><strong>Access<\/strong>: Permissions to pull\/push images and run scans.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hands-On: Step-by-Step Beginner-Friendly Setup Guide<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This guide uses Trivy, an open-source scanner, to scan a Docker image.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Install Trivy<\/strong>:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code># On Ubuntu\/Debian\nsudo apt-get install wget\nwget https:\/\/github.com\/aquasecurity\/trivy\/releases\/download\/v0.53.0\/trivy_0.53.0_Linux-64bit.deb\nsudo dpkg -i trivy_0.53.0_Linux-64bit.deb<\/code><\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Pull a Sample Image<\/strong>:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>docker pull nginx:latest<\/code><\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>Scan the Image<\/strong>:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>trivy image nginx:latest<\/code><\/pre>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>Review Output<\/strong>: Trivy lists vulnerabilities (e.g., CVEs) with severity, package details, and remediation steps.<\/li>\n\n\n\n<li><strong>Integrate with CI\/CD<\/strong> (e.g., GitHub 
Actions):<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>name: Image Scan\non: [push]\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\/checkout@v3\n      - name: Run Trivy\n        uses: aquasecurity\/trivy-action@master\n        with:\n          image-ref: 'nginx:latest'\n          format: 'table'\n          severity: 'CRITICAL' # Only CRITICAL findings count toward the exit code\n          exit-code: '1' # Fail the job when a CRITICAL vulnerability is found<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Real-World Use Cases<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>E-Commerce Platform<\/strong>: Scans container images for a microservices-based checkout system to ensure no vulnerabilities in payment processing libraries.<\/li>\n\n\n\n<li><strong>Financial Services<\/strong>: Ensures compliance with PCI-DSS by scanning images for outdated cryptographic libraries before deploying trading apps.<\/li>\n\n\n\n<li><strong>Healthcare<\/strong>: Validates container images for a patient portal to comply with HIPAA, checking for vulnerabilities in base images.<\/li>\n\n\n\n<li><strong>Open-Source Projects<\/strong>: Scans images in public registries to prevent supply chain attacks, ensuring dependencies are secure.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Benefits &amp; Limitations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Key Advantages<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactive Security<\/strong>: Identifies risks early, reducing attack surfaces.<\/li>\n\n\n\n<li><strong>Automation<\/strong>: Streamlines security in CI\/CD pipelines.<\/li>\n\n\n\n<li><strong>Compliance<\/strong>: Aligns with standards like GDPR, HIPAA, and CIS.<\/li>\n\n\n\n<li><strong>Transparency<\/strong>: Generates SBOMs for supply chain visibility.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common Challenges or Limitations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>False Positives<\/strong>: May flag non-exploitable vulnerabilities.<\/li>\n\n\n\n<li><strong>Performance 
Overhead<\/strong>: Scanning large images can slow pipelines.<\/li>\n\n\n\n<li><strong>Dependency on Databases<\/strong>: Limited by the accuracy of CVE databases.<\/li>\n\n\n\n<li><strong>Complex Remediation<\/strong>: Fixing vulnerabilities may require updating base images or dependencies.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices &amp; Recommendations<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scan Early and Often<\/strong>: Integrate scanning in build, test, and deploy phases.<\/li>\n\n\n\n<li><strong>Use Minimal Base Images<\/strong>: Prefer <code>alpine<\/code> or <code>distroless<\/code> to reduce attack surfaces.<\/li>\n\n\n\n<li><strong>Automate Remediation<\/strong>: Use tools like Dependabot to update vulnerable dependencies.<\/li>\n\n\n\n<li><strong>Enforce Policies<\/strong>: Block images with critical CVEs using CI\/CD gates.<\/li>\n\n\n\n<li><strong>Monitor Continuously<\/strong>: Scan running containers for newly discovered vulnerabilities.<\/li>\n\n\n\n<li><strong>Compliance Alignment<\/strong>: Map scans to standards like NIST 800-53 or CIS benchmarks.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Comparison with Alternatives<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Tool<\/strong><\/th><th><strong>Open Source<\/strong><\/th><th><strong>Key Features<\/strong><\/th><th><strong>Use Case<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Trivy<\/td><td>Yes<\/td><td>Fast, lightweight, SBOM support<\/td><td>CI\/CD integration, small teams<\/td><\/tr><tr><td>Snyk<\/td><td>No<\/td><td>Advanced reporting, remediation advice<\/td><td>Enterprise, compliance-heavy<\/td><\/tr><tr><td>Clair<\/td><td>Yes<\/td><td>Deep layer analysis, Kubernetes focus<\/td><td>Open-source projects<\/td><\/tr><tr><td>AWS ECR Scanning<\/td><td>No<\/td><td>Native AWS integration<\/td><td>AWS-centric deployments<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>When to Choose Image Scanning<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use image scanning for containerized workloads over traditional SAST (Static Application Security Testing) when focusing on runtime environments.<\/li>\n\n\n\n<li>Choose Trivy for lightweight, open-source needs; Snyk for enterprise-grade reporting.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Image scanning is a vital component of DevSecOps, enabling secure, compliant, and efficient containerized deployments. By integrating scanning into CI\/CD pipelines, teams can proactively address vulnerabilities and align with industry standards. Future trends include AI-driven vulnerability prioritization and deeper SBOM integration. To get started, explore tools like Trivy or Snyk, and engage with communities for best practices.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction &amp; Overview Image scanning is a cornerstone of DevSecOps, ensuring that container images used in software development and deployment&#8230; <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"series":[],"class_list":["post-187","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Image Scanning in DevSecOps: A Comprehensive Tutorial - DevSecOps School<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Image Scanning in DevSecOps: A Comprehensive Tutorial - DevSecOps School\" \/>\n<meta property=\"og:description\" content=\"Introduction &amp; Overview Image scanning is a cornerstone of DevSecOps, ensuring that container images used in software development and deployment...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/\" \/>\n<meta property=\"og:site_name\" content=\"DevSecOps School\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-23T07:49:48+00:00\" \/>\n<meta name=\"author\" content=\"pritesh k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"pritesh k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/\"},\"author\":{\"name\":\"pritesh k\",\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/#\\\/schema\\\/person\\\/7e884a8b201ba380e56441154dbedbc6\"},\"headline\":\"Image Scanning in DevSecOps: A Comprehensive Tutorial\",\"datePublished\":\"2025-05-23T07:49:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/\"},\"wordCount\":1083,\"commentCount\":0,\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/\",\"url\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/\",\"name\":\"Image Scanning in DevSecOps: A Comprehensive Tutorial - DevSecOps 
School\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/#website\"},\"datePublished\":\"2025-05-23T07:49:48+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/#\\\/schema\\\/person\\\/7e884a8b201ba380e56441154dbedbc6\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/image-scanning-in-devsecops-a-comprehensive-tutorial\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Image Scanning in DevSecOps: A Comprehensive Tutorial\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/\",\"name\":\"DevSecOps School\",\"description\":\"DevSecOps Redefined\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/#\\\/schema\\\/person\\\/7e884a8b201ba380e56441154dbedbc6\",\"name\":\"pritesh 
k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g\",\"caption\":\"pritesh k\"},\"url\":\"https:\\\/\\\/devsecopsschool.com\\\/blog\\\/author\\\/priteshgeek\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Image Scanning in DevSecOps: A Comprehensive Tutorial - DevSecOps School","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/","og_locale":"en_US","og_type":"article","og_title":"Image Scanning in DevSecOps: A Comprehensive Tutorial - DevSecOps School","og_description":"Introduction &amp; Overview Image scanning is a cornerstone of DevSecOps, ensuring that container images used in software development and deployment...","og_url":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/","og_site_name":"DevSecOps School","article_published_time":"2025-05-23T07:49:48+00:00","author":"pritesh k","twitter_card":"summary_large_image","twitter_misc":{"Written by":"pritesh k","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/#article","isPartOf":{"@id":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/"},"author":{"name":"pritesh k","@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/7e884a8b201ba380e56441154dbedbc6"},"headline":"Image Scanning in DevSecOps: A Comprehensive Tutorial","datePublished":"2025-05-23T07:49:48+00:00","mainEntityOfPage":{"@id":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/"},"wordCount":1083,"commentCount":0,"inLanguage":"en","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/","url":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/","name":"Image Scanning in DevSecOps: A Comprehensive Tutorial - DevSecOps 
School","isPartOf":{"@id":"https:\/\/devsecopsschool.com\/blog\/#website"},"datePublished":"2025-05-23T07:49:48+00:00","author":{"@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/7e884a8b201ba380e56441154dbedbc6"},"breadcrumb":{"@id":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devsecopsschool.com\/blog\/image-scanning-in-devsecops-a-comprehensive-tutorial\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devsecopsschool.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Image Scanning in DevSecOps: A Comprehensive Tutorial"}]},{"@type":"WebSite","@id":"https:\/\/devsecopsschool.com\/blog\/#website","url":"https:\/\/devsecopsschool.com\/blog\/","name":"DevSecOps School","description":"DevSecOps Redefined","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devsecopsschool.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Person","@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/7e884a8b201ba380e56441154dbedbc6","name":"pritesh k","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g","caption":"pritesh 
k"},"url":"https:\/\/devsecopsschool.com\/blog\/author\/priteshgeek\/"}]}},"_links":{"self":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=187"}],"version-history":[{"count":1,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/187\/revisions"}],"predecessor-version":[{"id":188,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/187\/revisions\/188"}],"wp:attachment":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=187"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/series?post=187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}