Security Scanning

Lens AppIQ scans images and containers as applications are deployed, performing static analysis for vulnerabilities at the code and container image levels.

Lens AppIQ's security capabilities are structured in the following manner:

  • In regular intervals, Lens AppIQ ingests vulnerability metadata from a configured set of sources and stores it in its internal database.
  • Containers are indexed by their images: Lens AppIQ creates a list of the features present in each image and stores it in the database.
  • Lens AppIQ queries its database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
  • When updates to vulnerability metadata occur, a notification is sent to alert systems that a change has occurred.
  • At a pre-set interval, Lens AppIQ scrubs container images and indexes. Lens AppIQ can send out alerts, reports, or block deployments to Lens AppIQ environments if any vulnerabilities are matched to identified software packages in the images.

Lens AppIQ promotes awareness and security best practices across developer and operations teams by automatically detecting vulnerabilities and encouraging action to patch them. When new vulnerabilities are announced, Lens AppIQ's built-in scanning (based on Clair) knows right away, without rescanning, which existing layers are vulnerable, and sends notifications.
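The index-once, match-per-request model described above can be sketched as follows. This is an added example, not Lens AppIQ or Clair code: the class and function names, the image digests, the VULN-0001 identifier and the severity threshold used for blocking are all constructed assumptions, and version comparison is simplified to dotted numeric versions.

```python
from dataclasses import dataclass

def parse_version(text):
    # Simplification: dotted numeric versions only. Real scanners apply
    # distro-specific comparison rules (dpkg, rpm, apk).
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str    # constructed placeholder, not a real advisory ID
    package: str
    fixed_in: str   # first version that is no longer affected
    severity: str

class ScannerDB:
    def __init__(self):
        self.features = {}   # image digest -> {package: installed version}
        self.vulns = []      # ingested vulnerability metadata
        self.index_runs = 0  # number of times an image was actually analysed

    def index_image(self, digest, packages):
        # Expensive step, done once per image: record its features.
        if digest not in self.features:
            self.features[digest] = dict(packages)
            self.index_runs += 1

    def match(self, digest):
        # Per-request correlation of stored features with current metadata.
        installed = self.features[digest]
        return [v for v in self.vulns
                if v.package in installed
                and parse_version(installed[v.package]) < parse_version(v.fixed_in)]

    def ingest(self, new_vulns):
        # Metadata update: return the digests that gained a match (to notify).
        before = {d: set(self.match(d)) for d in self.features}
        self.vulns.extend(new_vulns)
        return sorted(d for d in self.features if set(self.match(d)) - before[d])

    def deploy_allowed(self, digest, blocking=("High", "Critical")):
        # Deployment gate; the severity threshold is an assumed policy.
        return not any(v.severity in blocking for v in self.match(digest))

def demo():
    db = ScannerDB()
    # Constructed sample images and advisory.
    db.index_image("sha256:aaa", {"openssl": "1.1.1", "zlib": "1.2.13"})
    db.index_image("sha256:bbb", {"zlib": "1.2.13"})
    notified = db.ingest([Vulnerability("VULN-0001", "openssl", "1.1.2", "High")])
    return notified, db.deploy_allowed("sha256:aaa"), db.deploy_allowed("sha256:bbb"), db.index_runs
```

The advisory arrives after both images were indexed, yet only the image containing the affected package is flagged and blocked, and the index count stays at two because no image is analysed again.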

Scanning Applications

To scan a specific application image for vulnerabilities, use the app security scan command.

lapps app security scan [-a/--app appname] [--config/-c configfile]

Flags:

Flag            Description
-a, --app       The name of the application
-c, --config    Config file (not required)

Listing Application Scans

To list all security scans for a specific application, use the app security list command.

lapps app security list [-a/--app appname]

Flags:

Flag            Description
-a, --app       The name of the application

Application Security Report

To create a report of a security scan for a particular application, use the app security report command.

lapps app security report [-a/--app app-name]

Flags:

Flag            Description
-a, --app       The name of the application
-i              Scan index

Scanning Images

To scan a specific image for vulnerabilities, use the image security scan command.

lapps image security scan imagename [--config/-c configname]

Flags:

Flag            Description
-c, --config    Configuration file (not required)

Listing Image Scans

To list all security scans for a specific image, use the image security list command.

lapps image security list imagename

Image Security Report

To create a security scan report, use the image security report command.

lapps image security report imagename -i scanIndex

Flag:

Flag            Description
-i              Scan index