Nexus container integration with Nexus IQ and continuous monitoring

Hello,
I use Nexus IQ integration for Nexus Container:
https://help.sonatype.com/iqserver/integrations/nexus-container-scanning
and it’s working like a charm. I now have a simple and unique solution to scan all kinds of artifacts, and in particular I have a complete composition analysis of my Docker images, including operating system components.

I know that Nexus Container, like a lot of competitors, offers to “scan docker registries” to be able to monitor images in registries over time.

If the “continuous monitoring” feature of Nexus IQ is available for scan results coming from Nexus Container, then it should produce, to my knowledge, the same results as scanning Docker registries, but it’s far smarter in terms of user experience and performance.

Do you plan to offer “continuous monitoring” for components detected by Nexus Container and stored in Nexus IQ?

Eric

Hi @ericth! I reached out to our Integrations team about this. Although continuous monitoring can be enabled for container scanning, it will not report any new vulnerabilities, since all vulnerabilities are contained in the scan file. This is true for container scans only. So, if you want to monitor a certain image, the best way is to set up a CI job that will run a new policy evaluation for the target image on a schedule.