[Yandex Cloud documentation](../../../index.md) > [Yandex Security Deck](../../index.md) > [Step-by-step guides](../index.md) > [Vulnerability Management (VM)](index.md) > Activating a module

# Activating the module Vulnerability Management (VM)

{% note info %}

This feature is in the [Preview](../../../overview/concepts/launch-stages.md) stage. To get access, contact [tech support](https://center.yandex.cloud/support) or your account manager.

{% endnote %}

Vulnerability Management enables you to centrally manage container image vulnerability scanning and view scan results within your workspace.

To get started with Vulnerability Management:

1. [Create](../../../iam/operations/sa/create.md) a service account Vulnerability Management will use to view the info on Container Registry and Cloud Registry registries and Managed Service for Kubernetes clusters.
1. [Assign](../../../iam/operations/sa/assign-role-for-sa.md) to the service account the `security-deck.worker` [role](../../security/index.md#security-deck-worker) for the organization, cloud, or folder.

    {% note info %}

    Vulnerability Management will only have access to resources residing in the relevant organization, cloud, or folder.

    {% endnote %}

    If you have assigned the role for a particular folder, the service account will also need the `auditor` role for the cloud.

1. [Create](../workspaces/create.md) a Security Deck workspace configured as follows:

    * In the connector settings under **Resources**:
      * Select the service account you created earlier.
      * Specify the clouds and folders you want to monitor for container image vulnerabilities.

    * In the **Control modules** section, select **Control modules** under **Vulnerability Management**.

1. Complete Vulnerability Management setup:
    1. Click ![image](../../../_assets/console-icons/wrench.svg) **Workspace parameters** on the new workspace page.
    1. Go to the **Vulnerability management** tab.
    1. Under **Scope of control**, select the clouds, folders, or individual registries within the workspace resources for vulnerability detection and control.

        The following options are available:
        * **All registries in the workspace**: Scan every Container Registry and Cloud Registry in the selected clouds and folders.
        * **Only registries in the selected location**: Scan registries only in the specified clouds or folders.
        * **Only images running in Managed Service for Kubernetes clusters**: Scan only images deployed in Managed Service for Kubernetes clusters. This requires [Kubernetes® Security Posture Management](../kspm/enable-kspm.md) to be on.

    1. Under **Periodic vulnerability search in registries**, enable regular scanning of images in registries to detect vulnerabilities discovered after the images get published.

    1. Under **Searching for vulnerabilities when adding images to registries**, enable scanning of images newly added to registries to detect known vulnerabilities in the supply chain.

        {% note info %}

        Vulnerability scanning of newly added images is only available in Cloud Registry.

        {% endnote %}

    1. Click **Save** and confirm the action.

{% note tip %}

To stop image scans, [delete](../workspaces/delete.md) the Security Deck workspace or disable Vulnerability Management in the workspace settings.

{% endnote %}