Skip to content

Docs CSC now features an automatic Finnish translation. Click here for more information.

Warning!

Puhti and Mahti are being decommissioned in stages, and their storage areas will become fully unavailable from 15 October 2026. Clean up unnecessary files and move any data you need to keep by 31 August 2026. See the Roihu data migration guide for instructions on transferring your data to Roihu.

Puhti scratch is very full: keep only active data there and move or delete everything else. No new Puhti scratch quota will be granted.

Vulnerability Scanning

Vulnerability scanning analyzes container images to identify known security issues in the operating system packages or libraries they contain. Satama has an integrated tool, Trivy, to perform these scans automatically or on-demand.

Enable Automatic Vulnerability Scanning

You can enable automatic scan of images on push.

  • Inside the project, navigate to Configuration tab.
  • Locate the Vulnerability scanning section.
  • Check box in front of Automatically scan images on push

If enabled, every time a user pushes an image, Satama automatically scans it for CVEs. If disabled, user can manually trigger scans.

Run Manual Scan

You can run manual scan for individual images.

Manual CVE scan

  • Click on the repository and select the image you want to scan.
  • Go to Additions section.
  • Click on Vulnerabilities tab.
  • You can start scanning by clicking on scan vulnerability button.

Check the Scan Result

Once scan is completed, all CVEs will be displayed under Vulnerabilities tab. Satama displays:

  • Number of vulnerabilities
  • Severity levels (Critical, High, Medium, Low)
  • Affected packages
  • Recommended fixes