{"id":2358,"date":"2025-05-06T13:34:51","date_gmt":"2025-05-06T10:34:51","guid":{"rendered":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/"},"modified":"2025-05-06T13:34:51","modified_gmt":"2025-05-06T10:34:51","slug":"best-practices-for-scanning-container-base-images-for-cves-on-linux-servers","status":"publish","type":"post","link":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/","title":{"rendered":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers"},"content":{"rendered":"


\n<\/p>\n

In the world of containerization, security is paramount. As organizations increasingly adopt containerized applications for their flexibility and scalability, the need to secure these environments against vulnerabilities has never been more pressing. One of the most critical aspects of container security involves scanning base images for Common Vulnerabilities and Exposures (CVEs). This article explores best practices for scanning container base images on Linux servers.<\/p>\n

<\/p>\n

Understanding CVEs<\/h2>\n

<\/p>\n

Before diving into best practices, let\u2019s clarify what CVEs are. A CVE is a publicly known cybersecurity vulnerability that can be exploited by attackers. It is crucial to monitor and manage these vulnerabilities within your container images to reduce the risk of breaches.<\/p>\n

<\/p>\n

Why Scan Container Images?<\/h2>\n

<\/p>\n

Container base images often include packages and libraries that may have known vulnerabilities. Regularly scanning these images allows you to:<\/p>\n

<\/p>\n

    <\/p>\n
  1. Identify Vulnerabilities Early<\/strong>: Uncover security flaws before deploying to production, minimizing potential attack vectors.<\/li>\n

    <\/p>\n

  2. Maintain Compliance<\/strong>: Stay compliant with industry regulations and standards that require vulnerability management.<\/li>\n

    <\/p>\n

  3. Enhance Security Posture<\/strong>: By continuously monitoring, you can strengthen your overall security framework.<\/li>\n

    \n<\/ol>\n

    <\/p>\n

    Best Practices for Scanning Container Base Images<\/h2>\n

    <\/p>\n

    1. Automate Scanning in CI\/CD Pipelines<\/h3>\n

    <\/p>\n

    Integrating vulnerability scanning into your Continuous Integration and Continuous Deployment (CI\/CD) pipeline helps ensure that images are scanned automatically before deployment. This creates a consistent process for maintaining security across all deployments. Here is how to do it:<\/p>\n

    <\/p>\n

      <\/p>\n
    • Integrate Scanners<\/strong>: Utilize tools like Trivy, Clair, or Anchore to automate the scanning process.<\/li>\n

      <\/p>\n

    • Fail Builds on Vulnerabilities<\/strong>: Set your CI\/CD to fail builds if severe vulnerabilities are found, preventing potentially harmful images from being deployed.<\/li>\n

      \n<\/ul>\n

      <\/p>\n

      2. Choose the Right Scanning Tools<\/h3>\n

      <\/p>\n

      Selecting the right scanning tools can make a significant difference in vulnerability detection. Consider the following:<\/p>\n

      <\/p>\n

        <\/p>\n
      • Depth of Scanning<\/strong>: Ensure the tool provides comprehensive scanning capabilities, including libraries and dependencies.<\/li>\n

        <\/p>\n

      • Real-time Monitoring<\/strong>: Tools that offer continuous monitoring allow you to be alerted about new vulnerabilities as they are discovered.<\/li>\n

        <\/p>\n

      • Integration Capabilities<\/strong>: The ability to easily integrate into your existing workflows is crucial for efficiency.<\/li>\n

        \n<\/ul>\n

        <\/p>\n

        3. Regularly Update Base Images<\/h3>\n

        <\/p>\n

        Outdated base images often harbor vulnerabilities that have been fixed in newer releases. Establish a schedule for:<\/p>\n

        <\/p>\n

          <\/p>\n
        • Regular Updates<\/strong>: Keep your base images updated frequently to include security patches and improvements.<\/li>\n

          <\/p>\n

        • Use Minimal Base Images<\/strong>: Opt for smaller, more secure base images that contain fewer packages and, consequently, fewer potential vulnerabilities.<\/li>\n

          \n<\/ul>\n

          <\/p>\n

          4. Monitor the CVEs of Used Packages<\/h3>\n

          <\/p>\n

          Not all vulnerabilities are explicitly listed in the base image. It is vital to monitor the packages and libraries that you include in your image. Follow these steps:<\/p>\n

          <\/p>\n

            <\/p>\n
          • Stay Informed<\/strong>: Regularly check the official CVE databases to stay updated on vulnerabilities affecting specific packages.<\/li>\n

            <\/p>\n

          • Pin Dependency Versions<\/strong>: Use fixed versions of libraries in your Dockerfiles to avoid unexpectedly pulling in vulnerable updates.<\/li>\n

            \n<\/ul>\n

            <\/p>\n

            5. Implement Layered Security<\/h3>\n

            <\/p>\n

            While scanning is essential, a comprehensive security posture includes multiple layers of protection. Consider the following:<\/p>\n

            <\/p>\n

              <\/p>\n
            • Use Container Security Solutions<\/strong>: Leverage tools that offer runtime protection, such as anomaly detection and intrusion detection systems.<\/li>\n

              <\/p>\n

            • Network Segmenting<\/strong>: Implement micro-segmentation to limit container communication, thereby reducing the risk of lateral movement in the case of a breach.<\/li>\n

              \n<\/ul>\n

              <\/p>\n

              6. Set Up a Vulnerability Management Process<\/h3>\n

              <\/p>\n

              Develop a structured approach to manage discovered vulnerabilities:<\/p>\n

              <\/p>\n

                <\/p>\n
              • Severity Classification<\/strong>: Classify vulnerabilities based on severity to prioritize remediation effectively.<\/li>\n

                <\/p>\n

              • Remediation Plans<\/strong>: Have a clear strategy for how you will address various types of vulnerabilities (e.g., immediate patching, evaluating for impact).<\/li>\n

                \n<\/ul>\n

                <\/p>\n

                7. Educate Your Development Team<\/h3>\n

                <\/p>\n

                Security is a shared responsibility. Foster a culture of security within your development team through:<\/p>\n

                <\/p>\n

                  <\/p>\n
                • Training<\/strong>: Provide training on secure coding practices and the importance of vulnerability scanning.<\/li>\n

                  <\/p>\n

                • Documentation<\/strong>: Maintain clear documentation on processes and best practices related to container security and vulnerability management.<\/li>\n

                  \n<\/ul>\n

                  <\/p>\n

                  Conclusion<\/h2>\n

                  <\/p>\n

                  Scanning container base images for CVEs is not just a best practice; it’s a necessity in today’s landscape of cybersecurity threats. By implementing the strategies outlined in this article, you\u2019ll build a robust security posture that not only protects your applications but also strengthens your organization’s overall security framework. As container technology continues to evolve, staying proactive about vulnerability management will be essential for securing your environments.<\/p>\n

                  <\/p>\n

                  Remember, security is an ongoing process. Regularly revisit your practices, stay informed about the latest vulnerabilities, and adapt to the ever-changing threat landscape.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

                  In the world of containerization, security is paramount. As organizations increasingly adopt containerized applications for their flexibility and scalability, the need to secure these environments against vulnerabilities has never been more pressing. One of the most critical aspects of container security involves scanning base images for Common Vulnerabilities and Exposures (CVEs). This article explores best […]<\/p>\n","protected":false},"author":2,"featured_media":2359,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[878,656,1379,439,265,237,595,302],"class_list":["post-2358","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-security","tag-base","tag-container","tag-cves","tag-images","tag-linux","tag-practices","tag-scanning","tag-servers","et-has-post-format-content","et_post_format-et-post-format-standard"],"yoast_head":"\nBest Practices for Scanning Container Base Images for CVEs on Linux Servers - WafaTech Blogs<\/title>\n<meta name=\"description\" content=\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers %\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers\" \/>\n<meta property=\"og:description\" content=\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers %\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"WafaTech Blogs\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-06T10:34:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2221\" \/>\n\t<meta property=\"og:image:height\" content=\"482\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"WafaTech SA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:site\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WafaTech SA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/\"},\"author\":{\"name\":\"WafaTech SA\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\"},\"headline\":\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers\",\"datePublished\":\"2025-05-06T10:34:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/\"},\"wordCount\":717,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png\",\"keywords\":[\"Base\",\"Container\",\"CVEs\",\"Images\",\"Linux\",\"Practices\",\"Scanning\",\"Servers\"],\"articleSection\":[\"Linux Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/\",\"name\":\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers - WafaTech Blogs\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png\",\"datePublished\":\"2025-05-06T10:34:51+00:00\",\"description\":\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers %\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png\",\"width\":1024,\"height\":1024,\"caption\":\"linux server scanning container base images for CVEs\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Best Practices for Scanning Container Base Images for CVEs on Linux Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"name\":\"WafaTech Blogs\",\"description\":\"Smart Technologies\",\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"alternateName\":\"WafaTech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\",\"name\":\"WafaTech Blogs\",\"alternateName\":\"WafaTech\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"width\":2221,\"height\":482,\"caption\":\"WafaTech Blogs\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/WafaTech\\\/61560546351289\\\/\",\"https:\\\/\\\/x.com\\\/wafatech_sa\",\"https:\\\/\\\/www.youtube.com\\\/@wafatech-sa\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/wafatech\\\/\"],\"description\":\"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.\",\"email\":\"sales@wafatech.sa\",\"legalName\":\"Al-Wafa Al-Dhakia For Information Technology LLC\",\"foundingDate\":\"2013-01-08\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\",\"name\":\"WafaTech SA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"caption\":\"WafaTech SA\"},\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/author\\\/omer-yaseen\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers - WafaTech Blogs","description":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers %","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/","og_locale":"en_US","og_type":"article","og_title":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers","og_description":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers %","og_url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/","og_site_name":"WafaTech Blogs","article_publisher":"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","article_published_time":"2025-05-06T10:34:51+00:00","og_image":[{"width":2221,"height":482,"url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","type":"image\/webp"}],"author":"WafaTech SA","twitter_card":"summary_large_image","twitter_creator":"@wafatech_sa","twitter_site":"@wafatech_sa","twitter_misc":{"Written by":"WafaTech SA","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#article","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/"},"author":{"name":"WafaTech SA","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06"},"headline":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers","datePublished":"2025-05-06T10:34:51+00:00","mainEntityOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/"},"wordCount":717,"commentCount":0,"publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png","keywords":["Base","Container","CVEs","Images","Linux","Practices","Scanning","Servers"],"articleSection":["Linux Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/","url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/","name":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers - WafaTech Blogs","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#primaryimage"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png","datePublished":"2025-05-06T10:34:51+00:00","description":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers %","breadcrumb":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#primaryimage","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png","width":1024,"height":1024,"caption":"linux server scanning container base images for CVEs"},{"@type":"BreadcrumbList","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/best-practices-for-scanning-container-base-images-for-cves-on-linux-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wafatech.sa\/blog\/"},{"@type":"ListItem","position":2,"name":"Best Practices for Scanning Container Base Images for CVEs on Linux Servers"}]},{"@type":"WebSite","@id":"https:\/\/wafatech.sa\/blog\/#website","url":"https:\/\/wafatech.sa\/blog\/","name":"WafaTech Blogs","description":"Smart Technologies","publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"alternateName":"WafaTech","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wafatech.sa\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/wafatech.sa\/blog\/#organization","name":"WafaTech Blogs","alternateName":"WafaTech","url":"https:\/\/wafatech.sa\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","width":2221,"height":482,"caption":"WafaTech Blogs"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","https:\/\/x.com\/wafatech_sa","https:\/\/www.youtube.com\/@wafatech-sa","https:\/\/www.linkedin.com\/company\/wafatech\/"],"description":"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.","email":"sales@wafatech.sa","legalName":"Al-Wafa Al-Dhakia For Information Technology LLC","foundingDate":"2013-01-08","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"}},{"@type":"Person","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06","name":"WafaTech SA","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","caption":"WafaTech SA"},"url":"https:\/\/wafatech.sa\/blog\/author\/omer-yaseen\/"}]}},"jetpack_featured_media_url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Best-Practices-for-Scanning-Container-Base-Images-for-CVEs-on.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/2358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/comments?post=2358"}],"version-history":[{"count":0,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/2358\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media\/2359"}],"wp:attachment":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media?parent=2358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/categories?post=2358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/tags?post=2358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}