<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>article PANCast™ Episode 58: Container Registry Scanning in PANCast™ Episodes</title>
    <link>https://live.paloaltonetworks.com/t5/pancast-episodes/pancast-episode-58-container-registry-scanning/ta-p/1257891</link>
    <description>
&lt;DIV class="lia-message-template-content-zone"&gt;&lt;IFRAME src="https://www.youtube.com/embed/Guwm67f7flM?si=B_iw3f2lMEZAcMmo" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen" title="YouTube video player" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin"&gt;&lt;/IFRAME&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;Episode Transcript:&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Hello and welcome back to PANCast™. Today we're exploring a critical component of modern security: container registry scanning. Joining me to shed some light on this is our expert, Sindhuja. Welcome!&lt;BR /&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Hey John, thanks for inviting me today and giving me this opportunity to deliver another great episode of PANCast™. My name is Sindhuja and I am a Staff Technical Engineer working in the Cortex Cloud and Compute domain with a total of 8 years of experience in cyber security.&lt;/P&gt;
&lt;span class="lia-inline-image-display-wrapper lia-image-align-right" image-alt="Sindhuja Srinivasan is a Staff Technical Support Engineer at Palo Alto Networks, specializing in securing the cloud. With 8 years of experience navigating the intersection of cybersecurity and networking, she is an expert in the Prisma Cloud ecosystem, helping organizations build and maintain a secure cloud posture." style="width: 299px;"&gt;&lt;img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/71925i2952393D89DEC5F6/image-size/medium?v=v2&amp;amp;px=400" role="button" title="profile-picture.jpeg" alt="Sindhuja Srinivasan is a Staff Technical Support Engineer at Palo Alto Networks, specializing in securing the cloud. With 8 years of experience navigating the intersection of cybersecurity and networking, she is an expert in the Prisma Cloud ecosystem, helping organizations build and maintain a secure cloud posture." /&gt;&lt;span class="lia-inline-image-caption" onclick="event.preventDefault();"&gt;Sindhuja Srinivasan is a Staff Technical Support Engineer at Palo Alto Networks, specializing in securing the cloud. With 8 years of experience navigating the intersection of cybersecurity and networking, she is an expert in the Prisma Cloud ecosystem, helping organizations build and maintain a secure cloud posture.&lt;/span&gt;&lt;/span&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;So, Sindhuja, let's get right to it. What exactly is container registry scanning and why is it so important for a cloud environment?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Well, at its core, a container registry is a service for publishing and securely distributing container images. Think of it as a central hub where all your application components are stored. To take a step back, containers are essentially lightweight, standalone packages that contain everything an application needs to run—the code, libraries, and settings—so it works the same way regardless of where it’s deployed.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Container registry scanning is the process of identifying vulnerabilities, malware, and secrets within these images. The goal is to ensure you’re only using trusted and compliant images in your production environments.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;That makes perfect sense. It's like checking for defects in the raw materials before you start building. Can you walk us through how this process works?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Absolutely. The process has three key phases:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Discovery,&lt;/LI&gt;
&lt;LI&gt;Scanning,&lt;/LI&gt;
&lt;LI&gt;and Evaluation&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;First, Discovery detects all the registries, repositories, and image tags in your environment. This step ensures no image is missed.&lt;/P&gt;
&lt;P&gt;Second, the Scanning phase runs to find vulnerabilities, malware, and secrets within those images.&lt;/P&gt;
&lt;P&gt;Finally, in the Evaluation phase, the scan results are used to create compliance findings that identify issues requiring remediation.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;That sounds very thorough. Does this process happen just once, or is there a way to keep things up to date?&lt;BR /&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;That's a key point. After the initial scan, a scan re-evaluation process automatically reassesses the existing scan results every 24 hours. This uses the latest threat intelligence feeds without needing a full, resource-intensive re-scan. This ensures you can proactively mitigate risks as new threats emerge.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;That's fantastic. Now, the documentation mentions different ways to configure scanning. Can you explain the various modes and which one someone might choose?&lt;BR /&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Sure. When you connect a registry, you can choose from three main scan modes:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Cloud Scan: This mode performs security scanning within the Cortex cloud environment. It's a straightforward option for general cloud-hosted registries.&lt;/LI&gt;
&lt;LI&gt;Scan with Outpost: This mode shifts the scanning to your own cloud account's infrastructure. It may require additional permissions and could incur extra costs.&lt;/LI&gt;
&lt;LI&gt;Scan with Broker VM: This is used for security scanning within private networks.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;So, a Broker VM would be for a registry that isn’t publicly accessible?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Exactly. It's designed for those private network environments. In addition to the scan mode, you can also configure the initial scan to focus on specific images to avoid unnecessary scans. For example, you can choose to scan:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;All images, including all versions and tags.&lt;/LI&gt;
&lt;LI&gt;Only Latest Tags.&lt;/LI&gt;
&lt;LI&gt;Or images modified within a specific number of Days Modified, up to 90 days.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;That's a great level of control. So, whether you're dealing with a public or private registry, there's a solution to ensure continuous security. But how do you actually connect a registry, especially one that isn't from a major cloud provider?&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;That's a great question. You can manually onboard registries like a Docker V2-compliant container registry as a new data connector. A Docker V2 registry complies with the Docker Registry HTTP API V2. The Cortex Cloud connector is designed to scan and secure images from any registry that supports this protocol.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;So, what would that look like in practice?&lt;BR /&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P data-unlink="true"&gt;A good example is a registry like registry-1.docker.io. The URL you would use to connect for scanning is https://registry-1.docker.io/. You would simply provide this URL along with the username and password for authentication. You would then select a scan mode among the ones which we spoke about earlier, and that’s it.&lt;/P&gt;
&lt;P&gt;In practice, it’s quite simple. You just add the URL of the registry that supports the API, provide your username and password for authentication, and then select your preferred scan mode. For example, if you were using a standard Docker registry, you’d just point the tool to that specific web address, enter your credentials, and you’re good to go.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;That's a very clear example. It shows how the tool works in the real world. Why is it so crucial for a company's security posture?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;There are two main benefits. First, it enables proactive identification and remediation of security risks before deployment. This "shift-left" approach is far more cost-effective than dealing with a post-deployment security incident. Second, it ensures that your container images remain secure over time. The scan re-evaluation process automatically reassesses existing scan results every 24 hours using the latest threat intelligence, without requiring a full re-scan. This allows organizations to proactively mitigate emerging threats and maintain compliance.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Fantastic, Sindhuja. This has been incredibly informative. Thanks for breaking down this crucial topic for us.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;FONT color="#FF6600"&gt;&lt;I&gt;Sindhuja:&lt;/I&gt;&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;My pleasure. Thanks for having me.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;&lt;I&gt;John:&lt;/I&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;Thanks again, Sindhuja, and PANCasters, as always you can find the transcript and more info at live.paloaltonetworks.com.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Related Content:&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A title="How Container Registry Scanning Works" href="https://docs-cortex.paloaltonetworks.com/r/Cortex-CLOUD/Cortex-Cloud-Posture-Management-Documentation/How-Container-Registry-Scanning-Works" target="_blank" rel="noopener nofollow noreferrer"&gt;How Container Registry Scanning Works&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A title="Configure registry scanning for cloud accounts" href="https://docs-cortex.paloaltonetworks.com/r/Cortex-CLOUD/Cortex-Cloud-Runtime-Security-Documentation/Configure-registry-scanning-for-cloud-accounts" target="_blank" rel="noopener nofollow noreferrer"&gt;Configure registry scanning for cloud accounts&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;LI-PRODUCT title="Cortex Cloud" id="cortex-cloud"&gt;&lt;/LI-PRODUCT&gt;&amp;nbsp;&lt;/P&gt;
&lt;/DIV&gt;</description>
    <pubDate>Thu, 02 Jul 2026 11:50:34 GMT</pubDate>
    <dc:creator>ozheng</dc:creator>
    <dc:date>2026-07-02T11:50:34Z</dc:date>
    <item>
      <title>PANCast™ Episode 58: Container Registry Scanning</title>
      <link>https://live.paloaltonetworks.com/t5/pancast-episodes/pancast-episode-58-container-registry-scanning/ta-p/1257891</link>
      <description>&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1782988443922.png" style="width: 400px;"&gt;&lt;img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/71931iA43F21D1F92FB29C/image-size/medium?v=v2&amp;amp;px=400" role="button" title="kiwi_0-1782988443922.png" alt="kiwi_0-1782988443922.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 02 Jul 2026 11:50:34 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/pancast-episodes/pancast-episode-58-container-registry-scanning/ta-p/1257891</guid>
      <dc:creator>ozheng</dc:creator>
      <dc:date>2026-07-02T11:50:34Z</dc:date>
    </item>
  </channel>
</rss>

