Image Assurance
This feature was deprecated in Calico Cloud version 21.1.0 and will be removed in a future release. Availability depends on when you started using Calico Cloud.
- For users who started using Calico Cloud in April 2025 or later, this feature is not available.
- Legacy users, who started using Calico Cloud before April 2025, can continue to use this feature until it is removed in a future release.
Detect and block vulnerable images from container workloads.
Scanning images for vulnerabilities
Choose an image scanning method
Compare the Calico Cloud Image Assurance scanner options and pick the right combination of cluster, registry, and pipeline scanning for your environment.
Scan images in a Kubernetes cluster
Scan every image running in a Kubernetes cluster with the Calico Cloud Image Assurance cluster scanner to catch CVEs in deployed and third-party images.
Scan images in container registries
Run the Calico Cloud Image Assurance registry scanner against container registries to catch CVEs in stored images that never pass through a build pipeline.
Integrate the scanner into your build pipeline
Integrate the Calico Cloud Image Assurance CLI scanner into a CI build pipeline to catch container image vulnerabilities before images reach a registry.
Working with scan results
Set up alerts on vulnerabilities
Configure Calico Cloud Image Assurance alerts on high-severity vulnerabilities so security teams are notified and can route remediation to the right owners.
View scanned and running images
Interpret scanned and running image results in the Calico Cloud Image Assurance dashboard, including filters, dismissals, and per-image vulnerability detail.
Exclude vulnerabilities from scan results
Exclude false-positive or low-priority vulnerabilities from Calico Cloud Image Assurance scan results to cut noise and focus on findings that need remediation.