When Nessus scans a host using credentials, it has the ability to search through all files on the host and search within some files. Of interest is how it can scan within Docker overlay files, e.g. files like:
- /var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/merged
- /var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/work
And when Nessus finds and scans those files, it’s able to identify the components within the associated Docker images. I scanned a host that had running images with OpenVAS and it had root credentials, but sadly it seemed OpenVAS was not able to do this.
Greenbone Security Assistant: Version 21.4.3
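
What reading components out of a running container's `merged` directory can look like, as an added example that is not part of the original post and not how Nessus or OpenVAS is implemented. It assumes a Debian-style image with a dpkg status file; the function names and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

def read_os_release(root):
    """Return PRETTY_NAME from <root>/etc/os-release, or None if absent."""
    path = Path(root, "etc/os-release")
    if path.is_file():
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            if line.startswith("PRETTY_NAME="):
                return line.split("=", 1)[1].strip('"')
    return None

def parse_dpkg_status(path):
    """Return {package: version} for stanzas whose Status ends in 'installed'."""
    pkgs = {}
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for stanza in text.split("\n\n"):
        # Continuation lines (leading whitespace) belong to multi-line fields; skip them.
        fields = dict(l.split(": ", 1) for l in stanza.splitlines()
                      if ": " in l and not l[0].isspace())
        if "Package" in fields and fields.get("Status", "").endswith(" installed"):
            pkgs[fields["Package"]] = fields.get("Version")
    return pkgs

def inventory_overlay2(overlay_root="/var/lib/docker/overlay2"):
    """Map each populated <id>/merged directory to its OS name and dpkg packages."""
    found = {}
    for layer in sorted(Path(overlay_root).iterdir()):
        merged = layer / "merged"
        if not merged.is_dir() or not any(merged.iterdir()):
            continue  # no mounted container view here, nothing to read
        status = merged / "var/lib/dpkg/status"
        pkgs = parse_dpkg_status(status) if status.is_file() else {}
        found[layer.name] = {"os": read_os_release(merged), "packages": pkgs}
    return found

def build_sample(root):
    """Constructed sample tree: one Debian-style container view, one bare layer."""
    merged = Path(root, "aaaa", "merged")
    (merged / "etc").mkdir(parents=True)
    (merged / "var/lib/dpkg").mkdir(parents=True)
    Path(root, "bbbb", "diff").mkdir(parents=True)
    (merged / "etc/os-release").write_text('PRETTY_NAME="Example Linux 1 (constructed)"\n')
    (merged / "var/lib/dpkg/status").write_text(
        "Package: libexample\nStatus: install ok installed\nVersion: 1.2-3\n\n"
        "Package: oldtool\nStatus: deinstall ok config-files\nVersion: 0.9\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory_overlay2(build_sample(tmp)))
```

Run against the real `/var/lib/docker/overlay2`, this needs root, and an absolute symlink inside a container root resolves against the host filesystem rather than the container's.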