Image Vulnerability Scanning Cadence

Container images age. The scanning cadence and remediation policy that catches CVEs before they ship.

Scan cadence

Every image build. Pre-deploy gate.

Daily re-scan of running images. New CVEs are discovered against existing images.

Remediation policy

Critical CVEs: 7-day remediation window.

High CVEs: 30-day window. Medium and below: best-effort with quarterly cleanup.

Track

Per-image: list of open CVEs and their ages. Aging surfaces overdue items.

Aggregate by team: which teams have remediation backlogs?