Scanning application images

Some end customers may want to scan the images for every release of your application before upgrading. To accomplish this, many end customers will use a single license to run two instances of the application. One in a staging/UAT environment, and another in the production environment. When you ship a new version, they’ll run that release in the staging env to pull all the containers. Then, they can either move those images into a scanning engine like Anchore or run a scanning agent like Twistlock directly on that UAT server
Once the scan passes on the staging server, they’ll proceed to install that same release sequence on the production server