The vulnerability scanning process includes these steps:

  1. The service pulls an image to Aqua servers.
  2. The service analyzes the image to discover the list of packages installed in it.
  3. The service checks for vulnerabilities in these packages and saves the results.
  4. The image is deleted from Aqua servers.