You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/faq-defender-for-containers.yml
+9-2Lines changed: 9 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -99,9 +99,9 @@ sections:
99
99
No, the Qualys scanner is hosted by Microsoft, and no customer data is shared with Qualys.
100
100
101
101
- question: |
102
-
Why is Defender for Cloud alerting me to vulnerabilities about an image that isn’t in my registry?
102
+
Why is Defender for Cloud alerting me to vulnerabilities about an image that isn't in my registry?
103
103
answer: |
104
-
Some images may reuse tags from an image that was already scanned. For example, you may reassign the tag “Latest” every time you add an image to a digest. In such cases, the ‘old’ image does still exist in the registry and may still be pulled by its digest. If the image has security findings and is pulled, it will expose security vulnerabilities.
104
+
Some images may reuse tags from an image that was already scanned. For example, you may reassign the tag “Latest” every time you add an image to a digest. In such cases, the 'old' image does still exist in the registry and may still be pulled by its digest. If the image has security findings and is pulled, it will expose security vulnerabilities.
105
105
106
106
- question: |
107
107
Does Defender for Containers scan images in Microsoft Container Registry?
@@ -115,6 +115,13 @@ sections:
115
115
answer: |
116
116
Yes. The results are under [Sub-Assessments REST API](/rest/api/defenderforcloud/sub-assessments/list). Also, you can use Azure Resource Graph (ARG), the Kusto-like API for all of your resources: a query can fetch a specific scan.
117
117
118
+
- question: |
119
+
How do I check which media type my containers are using?
120
+
answer: |
121
+
To check an image type, you need to use a tool that can check the raw image manifest such as [skopeo](https://github.com/containers/skopeo), and inspect the raw image format.
122
+
For the Docker v2 format, the manifest media type would be **application/vnd.docker.distribution.manifest.v1+json** or **application/vnd.docker.distribution.manifest.v2+json**, as documented [here](https://docs.docker.com/registry/spec/manifest-v2-2/).
123
+
For the OCI image format, the manifest media type would be **application/vnd.oci.image.manifest.v1+json**, and config media type **application/vnd.oci.image.config.v1+json**, as documented [here](https://specs.opencontainers.org/image-spec/media-types/).
0 commit comments