New Capabilities Automatically Scan for Vulnerabilities to Provide Clear, Actionable Insights into Container Risk without Additional Setup or Configuration
LONDON – Intruder, a leader in exposure management, today announced the release of Container Image Scanning — a new upgrade to its cloud security capabilities that automatically scans container images for vulnerabilities, granting customers clear, actionable insight into container risk without deploying and maintaining scanning agents across their estates.
Leveraging existing integrations with major cloud providers, Intruder now supports Amazon Web Services Elastic Container Registry, Google Cloud Artifact Registry and Azure Container Registry. New images and updated versions are scanned daily for vulnerabilities, and users can view results in a single, prioritized list alongside other vulnerabilities, attack surface issues and misconfigurations detected by Intruder.
The update is available for all platform users across Cloud, Pro and Enterprise tiers as well as in the free trial. New customers will require additional setup when adding cloud integrations. Key benefits include:
- No agents required. Using registry level integrations with cloud providers, customers won’t have the operational overhead associated with deploying agents to nodes, maintaining and debugging them.
- Detection before execution. Unlike agent based approaches, registry level scanning allows customers to detect issues before the image runs in production.
- Noise reduction. Rather than scanning every image in a registry, Intruder uses tags to focus on images that are actually in use across your cloud environments — cutting out noise from old, unused, or deprecated images and surfacing only the risks that matter.
- Coverage across all environments. Agent-based configurations are commonly used in environments like Kubernetes, but containers are also used across many components in cloud infrastructures, such as Functions as a Service (AWS Lambdas), Containers as a Service (AWS ECS), or directly inside virtual machines that also need to be scanned to avoid risks.
- Managed service image scanning: Coverage extends to images deployed to managed container services, where customers don’t have access to the underlying nodes with those services and as a result, couldn’t previously deploy an agent.
Addressing A Common Exposure Gap in Modern Infrastructures
As part of the wider shift to cloud infrastructures, a large and growing proportion of digital workloads now occur on containerized, cloud-native platforms with the total market growing 33.5% per year (Grand View Research). However, those workloads face unique security challenges that leave them vulnerable.
Businesses building and deploying applications in containers often have limited visibility into vulnerabilities inside their container images. This means issues such as vulnerable open source packages, outdated dependencies, and known Common Vulnerabilities and Exposures (CVEs) are often left undetected. This leaves a major gap in attack surface coverage for modern, containerized environments. The problem is only growing worse as containerized infrastructure becomes more common while outdated, agent-based solutions are often complex to configure and maintain.
“Containerized environments are everywhere and security solutions need to adapt accordingly,” said Andy Hornegold, vice president of product at Intruder. “Containerized environments are a big, complicated attack surface and this release extends our attack surface and cloud coverage into one of the most critical parts of modern infrastructure, giving teams continuous visibility into container vulnerabilities with minimal effort and strong signal-to-noise control.”
Security and IT teams interested in learning more about the Intruder platform, its cloud security offerings and Container Image Scanning can book an introductory call here.
About Intruder
Intruder’s exposure management platform helps lean security teams stop breaches before they start by proactively discovering attack surface weaknesses. By unifying attack surface management, cloud security and continuous vulnerability management in one intuitive platform, Intruder makes it easy to stay secure by cutting through the noise and complexity. Founded in 2015 by Chris Wallis, a former ethical hacker turned corporate blue teamer, Intruder is now protecting over 3,000 companies worldwide. Learn more at https://intruder.io.
Q&A: Intruder Container Image Scanning Explained
What is the latest news from Intruder?
Intruder bolsters its cloud security capabilities with the release of Container Image Scanning. The platform now automatically scans container images across AWS ECR, Google Cloud Artifact Registry, and Azure Container Registry. New images and tagged versions are scanned continuously for vulnerabilities, with findings mapped into Intruder’s existing issue detection and prioritization workflow. This gives customers clear, actionable insight into container risk without additional setup or deploying and maintaining scanning agents across their estates.
What are the additional benefits of Container Image Scanning?
Intruder’s Container Image Scanning automatically discovers images from AWS, Azure, and Google Cloud and continuously monitors the tags you choose, so you only see vulnerabilities in what’s actually deployed — not every image ever pushed to your registry. It’s fully agentless, using registry-level integrations that eliminate the overhead of deploying and maintaining agents, while extending coverage to managed services, serverless functions, and VMs where agents can’t reach. Scanning detects issues before images run in production, with results prioritized by exploitability and severity, and automatic rescanning every 24 hours ensures new CVEs are caught fast.
What security concerns necessitate Container Image Scanning?
Businesses building and deploying applications in containers often have limited visibility into vulnerabilities inside their container images. This means issues such as vulnerable OS packages, outdated dependencies, and known CVEs are often left undetected. This ultimately leaves a major gap in attack surface coverage for modern, containerized environments.
The problem is only growing worse as containerized infrastructure becomes more common and outdated, and agent-based solutions are often complex to configure and maintain.
Who benefits the most from Intruder Container Image Scanning?
Mid-market and small Enterprise companies operating cloud environments with containerized workloads on AWS, Google Cloud or Azure will benefit the most from the capabilities, as Intruder has integrations with all three of the major cloud providers.
Where is Container Image Scanning available?
The update is available for all platform users across Cloud, Pro and Enterprise tiers as well as in the free trial. The feature uses existing cloud integrations, with no additional configuration required for existing customers. New customers will need to add Cloud integrations upon signup.
