Disabling scans on containers (BigFix scenario)

By default, License Metric Tool scans all Docker or Podman containers that are deployed on computers where the BigFix client is installed, provided that the requirements for software discovery in containers are met. If you do not want to scan the containers but still want to monitor the host computer, change the value of the DOCKER_SCAN parameter on the host computer.

About this task

You can disable software discovery on all containers that are deployed on a host computer. You cannot disable it on a subset of containers only. For more information about the requirements of software discovery in containers, see: Discovering software in containers.

Procedure

  1. Log in to the BigFix console, and click Computers.
  2. Select the host computer on which containers are deployed, and click Edit Settings.
  3. Click Add. Specify DOCKER_SCAN as the setting name, and false as the setting value. Then, click OK.
    Setting the DOCKER_SCAN parameter.

Results

Containers are no longer scanned. Scan results remain in the <BES Client>/LMT/CIT/docker/containers directory on the host computer, but the directory itself is added to the list of excluded directories. Thus, the results are not transferred to License Metric Tool.
Important: The Docker file system directory /var/lib/docker and the Podman file system directory /var/lib/containers might contain copies of software ID tags. Thus, they are excluded from scanning to avoid duplicated software discovery.

If you want to re-enable the scans on containers, change the value of the DOCKER_SCAN parameter to true.