Find vulnerabilities in your containers before attackers do.
Paste an image name, get a full security report in minutes. CVEs with CVSS scores, exposed secrets, Dockerfile misconfigurations, and license compliance. Export as CSV, JSON, or SBOM.
node:18-bullseye
sha256:a1b2c3d4 · Debian 11 · amd64 · user: root
18
Critical
32
High
59
Medium
38
Low
Six scanners, one report
Every image gets a deep, automated security audit.
Vulnerabilities
CVEs by severity with CVSS scores, fixed versions, and which Dockerfile layer introduced them.
Secrets
Exposed API keys, passwords, tokens, and credentials buried in image layers.
Misconfigurations
Dockerfile best practices, running as root, and config issues with remediation steps.
Licenses
License compliance for every package. Spot copyleft or restricted licenses before they're a problem.
Layer analysis
See packages, vulnerabilities, and secrets per image layer. Know exactly what each instruction introduced.
Export anything
Download results as CSV, full JSON, or CycloneDX SBOM. Feed them into your existing tools and workflows.
Three steps, no setup
No CLI to install, no Docker socket to mount, no YAML to write.
Paste your image
Any public image from Docker Hub, GHCR, or any registry. Just the name.
nginx:alpine We scan everything
Every layer is analyzed for vulnerabilities, secrets, misconfigs, and licenses.
Get your report
Interactive results with filtering, expandable CVE details, and one-click export to CSV, JSON, or SBOM.
Try it on your stack
Scan any of these popular images to see what's really inside.
$0
Free
5 scans per day. No credit card. No trial.
Deep
Analysis
Six scanners check every layer of your image automatically.
Fast
Results in minutes
Most scans complete in under 2 minutes. Cached images return instantly.
Secure
By design
Sandboxed scanning. Your data stays private.
See what's in your containers.
Create a free account and run your first scan in under a minute.