Solved

Should I use the inline scanner or container registry integration for Vulnerability Management?

  • 24 August 2023

Best answer by zerodown21 24 August 2023, 17:25


Like all good Lacework answers: It depends...maybe both? 🙂

They both serve the same purpose of auditing containers for known CVEs. The question is really about where the containers are located and at what stage you’re assessing them.

The inline scanner is a great way to scan an individual, local image embedded in a CI/CD pipeline or on your localhost prior to adoption/deployment. Basically a great way to ask “Is this container safe?” during the development process. 

The container registry integration is a great way to continuously scan containers in a Docker V2-compatible registry retroactively to ensure that all of the containers primed for deployment within your org are being continuously assessed for known vulnerabilities. More so, “Do I have any containers in my env that need to be updated given the latest CVE lists?”. 

Hopefully that helps. The two can definitely feel redundant with one another depending on your workflows, but they also can serve two very distinct needs: local/inline targeted scans vs. ongoing/continuous broad audits.

Please let us know if you have any additional questions, SlugLord9001!
