
Secure #DevOps, also known as #DevSecOps.
Here are 12 image scanning best practices for you.
1: Bake image scanning into your CI/CD pipelines
2: Adopt inline scanning to keep control of your privacy
3: Perform image scanning at registries
4: Leverage Kubernetes admission controllers
5: Pin your image versions
6: Scan for OS vulnerabilities
7: Make use of distroless images
8: Scan for vulnerabilities in third-party libraries
9: Optimize layer ordering
10: Scan for misconfigurations in your Dockerfile
11: Flag vulnerabilities quickly across Kubernetes deployments
12: Choose a SaaS-based scanning solution
Conclusion
Image scanning is the first line of defense in your Secure DevOps workflow. By automating it, you can maximize its potential and detect issues before they have the chance to become a problem. Following image scanning best practices will help you embed security without slowing you down.
Also, image scanning is not something you apply once, but rather a continuous checkpoint at several points in your workflow, including when building, on registries, before deploying, and once your containers are already running.