This document explains direct scanning mode, which is used to scan images. In this mode, the scanner pulls the image directly from a registry and scans it as a file. This is the default mode for image scanning and does not need any configuration.

Features of direct scanning mode

The following functionalities work well with direct scanning mode:

  • After an image is scanned, the Layers tab of the Images screen shows the vulnerabilities detected during the scan, on a per-layer basis.
  • Use of the Aqua Bench format for writing Custom Compliance Checks for Image Assurance Policies.
  • Use of the scanner executable binary for performing user-initiated (ad-hoc) scanning without the need for a container engine. For more information, refer to Aqua Scanner Overview.

Fast scanning

Fast scanning is an Aqua feature that can reduce the time required to scan an image after its initial scan. This feature is enabled by default in your Aqua instance and does not need any configuration.

Data caching and privacy

When Aqua scans an image for the first time, it caches analysis-related metadata in the Aqua CyberCenter. For more information, refer to Data Sent to CyberCenter. When the image is re-scanned, Aqua uses the cached metadata to avoid redundant analysis of the same image. However, scanning (and re-scanning) results are always up to date with respect to the latest available information on vulnerabilities.

Aqua caches fast scanning metadata on a best-effort basis. Due to cost considerations, Aqua may limit the amount of data cached in the CyberCenter. If there is no cached metadata for the image being scanned, the scanning time will be the same as for a first-time scan.

To ensure each customer's data privacy, Aqua caches the scanning analysis metadata in a separate, dedicated area for each customer. This data cannot be accessed by Aqua or anyone else for use with any other customer.