One thought on “How does Security Center scan an image?

  1. Arti says:

    The scanner extracts a list of known vulnerabilities. Security Center pulls the image from the registry and runs it in an isolated sandbox with the Qualys scanner. Disabled findings don’t impact your secure score or generate unwanted noise. Security Center identifies Azure Resource Manager based ACR registries in your subscription and seamlessly provides Azure-native vulnerability assessme Security Center identifies Azure Resource Manager based ACR registries in your subscription and seamlessly provides Azure-native vulnerability assessment and management for your registry’s images. If you have an organizational need to ignore a finding, rather than remediate it, you can optionally disable it. Yes. Also, you can use Azure Resource Graph (ARG), the Kusto-like API for all of your resources: a query can fetch a specific scan. The results are under Sub-Assessments Rest API. In such cases, the ‘old’ image does still exist in the registry and may still be pulled by its digest.

Leave a Reply

Your email address will not be published.