Skip to main content

Unscanned Active Images - FAQs

How is an image/container determined as active?

An active image is essentially a container that is running the image.

  • If you have a Lacework agent installed with a container registry integration assessing the image, the image can then be determined as active or inactive.
  • If you have an Agentless Workload Scanning integration, the image can then be determined as active or inactive (as containers are scanned as part of the Agentless integration). By default, Agentless scanning only occurs once every 24 hours.

Active containers detected in the last 24 hours are displayed in the Lacework Console at Vulnerabilities > Containers > Active Images tab.

Where do the unscanned active images come from?

When a Lacework agent is monitoring a container, and there is no integration with the container registry for the corresponding image, it means that there is no image scan available for that particular container.

As a result, the image is marked as an unscanned active image.

Container registry integrations can be set up using either of the following methods:

Additionally, any issues with your Agentless Workload Scanning integration can result in unscanned active images.

Why are active images unscanned?

Agentless Workload Scanning

  • Unsupported environments

See Support Matrix for a list of supported environments.

Lacework Agent

  • No container registry integration for the images found.

See Integrate Container Registries for details on how to integrate your registries.