Scanning Containers

I am running GVM 22.4 with great success against workstations from a laptop. My questions is I want to use this laptop to scan against a container. What will I need to accomplish this other than an ID and IP address of the hosted service (SaaS). Is there a specific configuration that I should be doing and if so where can I find this?

Thank you


first of all you need to understand how our scanner works (at least currently). It’s a scanner for checking hosts in networks. If there is a host with an IP in the scan target range it tries to scan it. That’s different to so called container scanners. This scanners act on the content of the container image layers and check to file contents especially the versions of the installed packages in the container image.

Thus if you want to scan a container with our software it needs to be visible in the network and listed in the target of your scan. Additionally to be able to do “inside” scans you need to setup SSH access and add a SSH credential.