Scanners
This feature was deprecated in Calico Cloud version 21.1.0 and will be removed in a future release. Availability depends on when you started using Calico Cloud.
- For users who started using Calico Cloud in April 2025 or later, this feature is not available.
- Legacy users, who started using Calico Cloud before April 2025, can continue to use this feature until it is removed in a future release.
Choose an image scanning method
Compare the Calico Cloud Image Assurance scanner options and pick the right combination of cluster, registry, and pipeline scanning for your environment.
Scan images in a Kubernetes cluster
Scan every image running in a Kubernetes cluster with the Calico Cloud Image Assurance cluster scanner to catch CVEs in deployed and third-party images.
Integrate the scanner into your build pipeline
Integrate the Calico Cloud Image Assurance CLI scanner into a CI build pipeline to catch container image vulnerabilities before images reach a registry.
Scan images in container registries
Run the Calico Cloud Image Assurance registry scanner against container registries to catch CVEs in stored images that never pass through a build pipeline.