[Yandex Cloud documentation](../../index.md) > [Yandex Security Deck](../index.md) > [Concepts](index.md) > Vulnerability Management (VM)

# About Vulnerability Management (VM)

{% note info %}

This feature is in the [Preview](../../overview/concepts/launch-stages.md) stage. To get access, contact [tech support](https://center.yandex.cloud/support) or your account manager.

{% endnote %}

**Vulnerability Management** is a tool for centralized management of container image vulnerability scanning and for viewing scan results within your [workspace](workspace.md).

It detects vulnerabilities in container images stored in Container Registry and Cloud Registry and in images run in Managed Service for Kubernetes clusters.

## Image scanning {#scanning}

Vulnerability Management supports scanning container images from the following sources:

* [Yandex Container Registry](../../container-registry/index.md), the Docker image storage and distribution service.
* [Yandex Cloud Registry](../../cloud-registry/index.md), the artifact storage and distribution service for artifacts of different types, including container images.
* Kubernetes clusters monitored by [Kubernetes® Security Posture Management (KSPM)](kspm.md).

### Scan triggers {#scan-triggers}

Image scanning can start automatically on one of the following triggers:

* **Image push**: Scanning starts automatically when you push a new image to Container Registry or Cloud Registry.
* **Scheduled run**: Scanning starts from time to time according to a schedule. The scan covers all images in the registries, including those added after the previous scan.
* **Image use**: Scanning starts automatically when you create a new Managed Service for Kubernetes cluster or container with an image in an existing cluster.

You can combine the triggers for maximum scan coverage.

### Scanning images in Kubernetes clusters {#k8s-scanning}

When integrated with [KSPM](kspm.md), Vulnerability Management automatically detects images running in Managed Service for Kubernetes clusters assigned to the workspace.

With the scheduled scan trigger on, the scanning of Kubernetes cluster images works like a filter: each run generates a list of images which are then scanned.


#### Useful links {#see-also}

* [Security Deck workspaces](workspace.md)
* [Kubernetes® Security Posture Management (KSPM)](kspm.md)
* [About Alerts](alerts.md)