Introducing Container Scanning: Deeper Insight into Dependencies
- Giuliana Bruni
- 2 days ago

We’re constantly evolving our open source intelligence to help teams achieve full transparency over the software they build and deploy. We have now added Container Scanning, giving development, security and compliance teams deep visibility into the full set of open source components bundled inside container images.
Containers are often described as “mini operating systems” that carry not just your application, but also all its supporting libraries, runtime environments and system dependencies. That makes them incredibly useful for ensuring consistent deployments.
SCANOSS can now analyse container images (Docker and OCI) and generate a complete Software Bill of Materials (SBOM) that includes not only your application’s dependencies, but also everything else the container brings with it — from obscure system packages to hidden bundled libraries.
Why It Matters
Traditional SBOMs focus on the application layer. But when software runs inside containers, that’s only half the picture.
For example, a developer may scan a Python CLI tool and receive a clean SBOM for that codebase. However, once that tool is packaged and run inside a container, the environment could include hundreds or thousands of additional components — often inherited from upstream base images or pre-installed packages. These components may carry security vulnerabilities, outdated versions, unapproved licences or hidden weak encryption.
Container Scanning ensures those risks don’t go unnoticed.
By scanning the entire container, SCANOSS gives you:
- A complete and accurate SBOM covering every package within the container, both declared and undeclared.
- Full visibility of security and legal risk across both the application and the runtime environment, including components inherited from base images or third-party layers.
- A simple, CLI-driven workflow that fits directly into your existing pipelines.
Available Now
Container Scanning is available in the latest version of the SCANOSS Python CLI. Whether you’re scanning locally or integrating into your DevSecOps pipelines, the process is simple, fast and fully aligned with the SCANOSS open source approach.
Contact us to get complete visibility and control over your open source.