IBM Cloud Image Scanning Service

This service will scan the provided container image for vulnerabilities using the IBM Cloud Vulnerability Advisor. The image must be publicly available via a docker pull command without any authentication or login required.

This is an alpha-level service and no warranty is provided. Use at your own risk.

Programmatic Access:

To programmatically access this service send an HTTP GET of the following form:
If the image is successfully scanned, regardless of the scan results, then an HTTP 200 OK will be returned with the scan results returned in a JSON format in the HTTP body, as shown below. If the image can not be scanned then an HTTP 500 Internal Server Error will be returned and an error message will be returned in the Progress property of the JSON in the HTTP body.

Sometimes the process of downloading and scanning large images could take a while. If your connection times-out the scanning process will continue, so simply resend your request and you'll continue from where you left off.

The JSON returned will be of a form similar to this:

  "Progress": "Scan completed: OK",
  "Results": {
    "ID": "2413078b-5662-4ebe-ace1-7d93c33faf54",
    "Scan_Time": 1532786243,
    "Status": "OK",
    "Vulnerabilities": [
        "CVE_Exempt": false,
        "CVE_ID": "CVE-2016-1252",
        "Exempt_Security_Notice_Count": 0,
        "Exempt_Status": "active",
        "Security_Notice_Count": 1,
        "Security_Notices": [
            "Notice": "",
            "Notice_Exempt": false,
            "Notice_ID": "usn-3156-1",
            "Summary": "An attacker could trick APT into installing altered packages.",
            "Vulnerable_Packages": [
                "Corrective_Action": "Upgrade apt to \u003e= 1.0.1ubuntu2.17",
                "Description": "apt has vulnerabilities",
                "Fix_Version": "1.0.1ubuntu2.17",
                "Installed_Version": "1.0.1ubuntu2.10",
                "Package_Name": "apt"
        "Summary": "An attacker could trick APT into installing altered packages.",
        "Total_Security_Notice_Count": 1
    "Configuration_Issues": [
        "Correct_Action": "",
        "Description": "Enables root login.",
        "Exempt": false,
        "Meta": {
          "keypath": "/etc/ssh/sshd_config/PermitRootLogin",
          "value": "yes"
        "Type": "application_configuration:ssh.PermitRootLogin"
For help, or to report issues, please visit the ibm-cloud Slack channel on the Kubernetes slack workspace.