
BigID Releases Open Source Tool for Container Image Monitoring

Organizations lack visibility into where their container images end up once they leave controlled environments. Today, BigID is open sourcing a production-ready container image crawler to help security teams monitor public registries and reduce supply chain risk.

Why We Built It

Two years ago, we set out to solve a growing problem: unauthorized copies of BigID container images appearing in public registries like DockerHub, AWS ECR Public, and Quay.io.

We couldn’t reliably detect these exposures. Discovery depended on chance: someone had to stumble on a public image by hand.

That lack of visibility created both intellectual property risk and potential security exposure. We needed a scalable way to monitor where our container images appeared and whether they had been altered.

What We’re Releasing

Today, we’re open sourcing a production-ready container image crawler built for extensibility and scale.

Any organization can deploy it to monitor container images across public registries.

Out of the box, the crawler scans:

  • AWS ECR Public Gallery
  • DockerHub
  • Quay.io

The architecture uses a plugin-based system. Teams can quickly extend coverage to additional registries like:

  • GitHub Container Registry
  • GitLab
  • Private registries

This flexibility allows security teams to adapt monitoring to their specific environments.

Why It Matters

Unauthorized container images introduce more than IP risk. They create a supply chain security gap.

Attackers can modify legitimate images and republish them. Downstream users must then determine whether an image is trusted or tampered with.

Without continuous monitoring, organizations often discover these risks too late, after images have already been pulled and used.

Most teams still rely on manual discovery or external reports. That approach does not scale.
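The sketch below, added here as an illustration and not taken from BigID's crawler, shows the two ideas the sections above describe: a plugin interface that isolates each registry's API from the crawler loop, and a check that separates an official image from a byte-identical republished copy and from a copy whose layers differ. The registry payload shapes, the `acme` namespace, the repositories, tags and layer digests are all constructed for the demo and stand in for live HTTPS calls.

```python
"""Illustrative plugin-based registry crawler with a copy/tamper check.

Added example, not BigID's crawler. Registry payloads, repositories,
namespaces and layer digests below are constructed for the demo.
"""
from abc import ABC, abstractmethod
from dataclasses import dataclass


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str          # "namespace/name"
    tag: str
    layers: frozenset        # layer digests from the image manifest


class RegistryPlugin(ABC):
    """Each registry is a plugin; the crawler only depends on this interface."""
    name: str

    @abstractmethod
    def search(self, term: str) -> list[ImageRef]:
        """Return every tag of every public repository whose name contains term."""


# Constructed offline stand-ins for registry API responses. A real plugin
# would fetch search results and manifests over HTTPS; the shapes here are
# simplified and are not the registries' actual wire formats.
SAMPLE_HUB = {
    "results": [
        {"repo_name": "acme/scanner",
         "tags": {"1.4.2": ["sha256:aaa", "sha256:bbb"]}},
        {"repo_name": "mirror-joe/acme-scanner",
         "tags": {"1.4.2": ["sha256:aaa", "sha256:bbb"]}},
        {"repo_name": "evil/acme-scanner",
         "tags": {"1.4.2": ["sha256:aaa", "sha256:bbb", "sha256:injected"],
                  "9.9.9": ["sha256:zzz"]}},
    ]
}
SAMPLE_QUAY = {
    "repositories": [
        {"namespace": "acme-mirror", "name": "scanner",
         "tags": {"1.4.2": ["sha256:aaa", "sha256:bbb"]}},
    ]
}


class DockerHubPlugin(RegistryPlugin):
    name = "dockerhub"

    def __init__(self, source: dict):
        self._source = source      # stands in for the HTTP client

    def search(self, term: str) -> list[ImageRef]:
        refs = []
        for hit in self._source["results"]:
            if term in hit["repo_name"]:
                for tag, layers in hit["tags"].items():
                    refs.append(ImageRef(self.name, hit["repo_name"], tag, frozenset(layers)))
        return refs


class QuayPlugin(RegistryPlugin):
    name = "quay.io"

    def __init__(self, source: dict):
        self._source = source

    def search(self, term: str) -> list[ImageRef]:
        refs = []
        for repo in self._source["repositories"]:
            full = f'{repo["namespace"]}/{repo["name"]}'
            if term in full:
                for tag, layers in repo["tags"].items():
                    refs.append(ImageRef(self.name, full, tag, frozenset(layers)))
        return refs


def classify(ref: ImageRef, official: dict[str, set[str]],
             known_good: dict[str, frozenset]) -> str:
    """Decide what a discovered image is relative to what we published.

    official:   registry name -> namespaces we control on that registry
    known_good: tag -> layer digests of the image we actually shipped
    """
    namespace = ref.repository.split("/", 1)[0]
    if namespace in official.get(ref.registry, set()):
        return "official"
    shipped = known_good.get(ref.tag)
    if shipped is None:
        return "unknown-tag"        # a tag we never released; investigate
    if ref.layers == shipped:
        return "unauthorized-copy"  # identical layers republished elsewhere
    return "modified-copy"          # layers differ: treat as possibly tampered


def crawl(plugins, term, official, known_good) -> dict[str, str]:
    findings = {}
    for plugin in plugins:
        for ref in plugin.search(term):
            findings[f"{ref.registry}/{ref.repository}:{ref.tag}"] = classify(ref, official, known_good)
    return findings


def demo() -> dict[str, str]:
    official = {"dockerhub": {"acme"}}
    known_good = {"1.4.2": frozenset({"sha256:aaa", "sha256:bbb"})}
    plugins = [DockerHubPlugin(SAMPLE_HUB), QuayPlugin(SAMPLE_QUAY)]
    return crawl(plugins, "scanner", official, known_good)


if __name__ == "__main__":
    for image, verdict in sorted(demo().items()):
        print(f"{verdict:18} {image}")
```

Comparing layer digests rather than the manifest digest is deliberate: re-pushing an image to another registry can produce a new manifest (for example when one platform is pushed out of a multi-arch index) while the layers stay bit-identical, so a manifest mismatch alone would misreport a plain copy as tampering. A layer mismatch is still only a signal to investigate, not proof of malice; the image may simply have been rebuilt.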

From Internal Tool to Open Source

We’ve run this crawler in production for two years. It gives us consistent visibility into unauthorized image distribution and helps us respond faster.

By open sourcing it, we aim to:

  • Lower the barrier to container image monitoring
  • Help security teams reduce supply chain risk
  • Enable broader community-driven improvements

Get Started

The repository is now available on GitHub.

Deploy it, extend it, and build on top of it. If you create something valuable, we welcome contributions back to the project.
