Intruder Adds Container Image Scanning to Cloud Security Platform
Intruder has added the ability to scan container images to the portfolio of graphical cloud security tools it makes available to cybersecurity teams.
Andy Hornegold, vice president of product for Intruder, said that as applications based on container images become more widely deployed in cloud computing environments, it has become apparent that cybersecurity teams need tools to scan them without having to learn complex tools designed for software engineering teams.
Intruder provides a more intuitive graphical user interface that can be used by both cybersecurity and application development teams as needed without anyone having to deploy agent software, he added. Instead, Intruder already provides integration with the Amazon Web Services Elastic Container Registry, Google Cloud Artifact Registry and Azure Container Registry services, which are scanned daily for vulnerabilities that are prioritized alongside other security issues, including misconfigurations, noted Hornegold.
That registry-level integration makes it possible to detect issues before the image runs in a production environment, he added. Additionally, the Intruder platform marks the use of tags to ensure scans are focused on images that are actually in use in a cloud computing environment.
Initially launched last year, Intruder has been mainly focused on the cloud security requirements of midsize organizations that typically don’t have dedicated DevSecOps engineering teams, said Hornegold. It includes GregAI, an artificial intelligence (AI) security analyst that the company has created to provide a deeper understanding of cloud security issues.
However, the overall size of the IT environments being managed by these organizations only continues to grow. A recent survey of 502 senior security leaders at organizations with 400 to 6,000 employees that generate at least $50 million in annual revenue finds 91% of respondents work for organizations that grew their digital estate in the past 24 months, with well over a third (38%) reporting that those environments grew significantly. However, only 30% of respondents report their organization grew headcount faster than their digital estate and 41% report IT teams are feeling the strain.
In the wake of multiple attacks against software supply chains, including one that specifically targeted the open source Trivy vulnerability scanner used widely in cloud-native application environments, many DevSecOps teams are at the very least reevaluating their approach to application security. In fact, a recent Futurum Group survey finds 39% plan to increase spending on software security testing over the next 12 to 18 months.
It’s not clear to what degree responsibility for testing software for vulnerabilities prior to deployment might shift to cybersecurity teams. The challenge has always been that the first thing an application development team will cut back on to make a deadline is testing. Cybersecurity teams, naturally, have a vested interest in preventing as many vulnerabilities as possible from making it into production environments, but they generally lack any ability to fix any of the issues they might discover.
Hopefully, as DevSecOps continues to evolve, many more vulnerabilities will be automatically remediated. The issue, of course, is that in the age of AI, there are, at least in the short term, a lot more of them to remediate as the volume of flawed code being generated continues to increase exponentially.


