Lacework provides the ability to assess, identify, and report vulnerabilities found in the operating system software packages in a Docker container image before the container image is deployed. Lacework also supports scanning of non-OS packages for programming languages (Java, Ruby, PHP, GO, NPM, .NET, Python).
This means you can identify and take action on software vulnerabilities in your risky container images and manage that risk proactively. In addition, Lacework automatically correlates assessed images to active containers in your monitored environment, so you have continuous visibility into your software vulnerability risk. For information about vulnerability alerts that could be reported, see Default Policies.