A large Swiss bank has asked for the ability to scan docker hosts and Kubernettes clusters.
They have already seen this article about scanning docker containers https://lollyrock.com/posts/inspec-for-docker/ and would like to be able to run scheduled scans from A2 against their full fleet
We get bonus points if we can detect things inside those containers and dynamically select profiles to be used in the scan (eg. A container running Tomcat and MySQL should run the Tomcat and MySQL profiles dynamically).
The initial MVP would likely just offer the ability to enumerate and scan the containers with static profiles.