on 07-02-2026 03:27 AM - edited on 07-02-2026 04:50 AM by kiwi
Episode Transcript:
John:
Hello and welcome back to PANCast™. Today we're exploring a critical component of modern security: container registry scanning. Joining me to shed some light on this is our expert, Sindhuja. Welcome!
Sindhuja:
Hey John, thanks for inviting me today and giving me this opportunity to deliver another great episode of PANCast™. My name is Sindhuja and I am a Staff Technical Engineer working in the Cortex Cloud and Compute domain with a total of 8 years of experience in cyber security.
John:
So, Sindhuja, let's get right to it. What exactly is container registry scanning and why is it so important for a cloud environment?
Sindhuja:
Well, at its core, a container registry is a service for publishing and securely distributing container images. Think of it as a central hub where all your application components are stored. To take a step back, containers are essentially lightweight, standalone packages that contain everything an application needs to run—the code, libraries, and settings—so it works the same way regardless of where it’s deployed.
Container registry scanning is the process of identifying vulnerabilities, malware, and secrets within these images. The goal is to ensure you’re only using trusted and compliant images in your production environments.
John:
That makes perfect sense. It's like checking for defects in the raw materials before you start building. Can you walk us through how this process works?
Sindhuja:
Absolutely. The process has three key phases:
First, Discovery detects all the registries, repositories, and image tags in your environment. This step ensures no image is missed.
Second, the Scanning phase runs to find vulnerabilities, malware, and secrets within those images.
Finally, in the Evaluation phase, the scan results are used to create compliance findings that identify issues requiring remediation.
John:
That sounds very thorough. Does this process happen just once, or is there a way to keep things up to date?
Sindhuja:
That's a key point. After the initial scan, a scan re-evaluation process automatically reassesses the existing scan results every 24 hours. This uses the latest threat intelligence feeds without needing a full, resource-intensive re-scan. This ensures you can proactively mitigate risks as new threats emerge.
John:
That's fantastic. Now, the documentation mentions different ways to configure scanning. Can you explain the various modes and which one someone might choose?
Sindhuja:
Sure. When you connect a registry, you can choose from three main scan modes:
John:
So, a Broker VM would be for a registry that isn’t publicly accessible?
Sindhuja:
Exactly. It's designed for those private network environments. In addition to the scan mode, you can also configure the initial scan to focus on specific images to avoid unnecessary scans. For example, you can choose to scan:
John:
That's a great level of control. So, whether you're dealing with a public or private registry, there's a solution to ensure continuous security. But how do you actually connect a registry, especially one that isn't from a major cloud provider?
Sindhuja:
That's a great question. You can manually onboard registries like a Docker V2-compliant container registry as a new data connector. A Docker V2 registry complies with the Docker Registry HTTP API V2. The Cortex Cloud connector is designed to scan and secure images from any registry that supports this protocol.
John:
So, what would that look like in practice?
Sindhuja:
A good example is a registry like registry-1.docker.io. The URL you would use to connect for scanning is https://registry-1.docker.io/. You would simply provide this URL along with the username and password for authentication. You would then select a scan mode among the ones which we spoke about earlier, and that’s it.
In practice, it’s quite simple. You just add the URL of the registry that supports the API, provide your username and password for authentication, and then select your preferred scan mode. For example, if you were using a standard Docker registry, you’d just point the tool to that specific web address, enter your credentials, and you’re good to go.
John:
That's a very clear example. It shows how the tool works in the real world. Why is it so crucial for a company's security posture?
Sindhuja:
There are two main benefits. First, it enables proactive identification and remediation of security risks before deployment. This "shift-left" approach is far more cost-effective than dealing with a post-deployment security incident. Second, it ensures that your container images remain secure over time. The scan re-evaluation process automatically reassesses existing scan results every 24 hours using the latest threat intelligence, without requiring a full re-scan. This allows organizations to proactively mitigate emerging threats and maintain compliance.
John:
Fantastic, Sindhuja. This has been incredibly informative. Thanks for breaking down this crucial topic for us.
Sindhuja:
My pleasure. Thanks for having me.
John:
Thanks again, Sindhuja, and PANCasters, as always you can find the transcript and more info at live.paloaltonetworks.com.