Vulnerabilities scanning with IONOS Container Registry

One year ago, IONOS Cloud added a new feature to their Container registry: Vulnerability Scanning. This blog post will give you an overview of how the feature can be used in your software development workflow.

To enable the "Vulnerabilities scanning" feature, ensure the checkbox is enabled when creating a new Container Registry. Be aware that you can't enable the feature for existing Container Registries.

As of December 2024, the feature costs an additional 0.02€ per GB of Docker image storage. Consider that when enabling this feature.

Once you have uploaded your Docker images to the Container registry, you can see the vulnerabilities in the artifact detail view:

Alternatively, you can use the "Vulnerability Search" to find a specific CVE among all your Docker images.

Since IONOS Cloud exposes all of its features via an API, you can also programmatically access the vulnerabilities per artifact and create issues in your ticket system. The API documentation to retrieve the vulnerabilities can be found here.

About six months ago, we enabled vulnerability scanning for our container registry, and so far, we are pleased with the results. It eliminates the need for third-party tools, which helps reduce tool complexity.