Container image discovery
-
- UpdatedFeb 1, 2024
- 3 minutes to read
- Vancouver
- Discovery
The Discovery and Service Mapping Patterns application uses the Scan Container Image pattern to discover Docker images and OS packages data. Discovering some of these resources requires updating the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Verify the REST API Permissions
Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are released monthly so check periodically to be sure you have the latest version of the spreadsheet.
For information about performing a container image scan, see Scan container images.
The Scan Container Image pattern supports Aqua Trivy starting with version 0.44.0. The last version validated is 0.51.0.
- Public repositories
- Self-hosted private repositories
- Amazon Elastic Container Registry (Amazon ECR), both public and private repositories
Data collected by Discovery for container image scans
| Field | Description |
|---|---|
|
Application [cmdb_ci_appl] table |
|
|
Name [name] |
Name of the container application. The MSSQL application record required name format: ApplicationTableName@containerName Example: MSFT SQL Instance@/sql1 |
|
Container environment variables [cmdb_container_environment_variables] table |
|
| Container [container] | Name of the container. |
| Key [key] | Name of the Container environment variable. |
| Value [value] | Container environment variable value. |
Temporary tables for container image scans
| Field | Description |
|---|---|
|
Container image scan Status [sn_itom_pattern_container_image_scan_status] |
|
| Image [image] | Name of the container image. |
| Message [message] | Errors or issues with the scanning process. |
| CI Class [ci_class] | The image CI class based on the image command details. |
| Discovery status [discovery_status] | The discovery status record of the image scan. |
| Scan Status [scan_status] | The scan status. The available values are:
|
|
Container image OS packages [sn_itom_pattern_container_image_os_packages] table |
|
| Image [image] | Name of the container image. |
| Package Name [package_name] | Name of the software package. |
| Package Version [package_version] | Version of the software package. |
| Package Maintainer [package_maintainer] | Name of the package maintainer. |
|
Container Enrich Scripts [sn_itom_pattern_container_enrich_scripts] |
|
| Active [active] | Whether the enrich script state is active. |
| CI Type [ci_type] | The CI type to which the enrich script is applicable. |
| Order [order] | Execution order of a particular script. |
| Script [script] | The enrich script name. |
Relationships
These relationships are created to support the container image discovery.
On this page
Related Content
- Docker virtualization
Discovery uses the Docker Pattern to collect data about specific objects in a Docker engine, running on a Linux host.
- Kubernetes discovery
The ServiceNow ITOM Visibility finds Kubernetes and OpenShift components and creates application services containing them. Discovery also finds Kubernetes events and frequently updates the CMDB to reflect the dynamic Kubernetes environment.