Docker Containers
Containers is the cross-fleet view of every Docker container the agent has found — regardless of which host runs it. If you have Docker installed anywhere in the fleet, this is where it shows up.
What you see
Section titled “What you see”At /containers the header shows the total container count across how many hosts, plus a stopped-count callout. The table lists:
- Container name
- Image and tag
- Host it runs on (link to the server detail)
- Status — running / stopped / paused / restarting
- Ports exposed
- CPU and memory usage
- Uptime
- Last scanned — timestamp of the most recent image scan
Filters cover host, image, and status.
What you can do
Section titled “What you can do”Per container (three-dot menu on each row, or on the detail page):
- Start / Stop / Restart — the action is sent to the host’s agent and reflected in the row within a couple of heartbeats.
- Scan image — kicks off a CVE scan of the image. Results appear on the container detail once the scan finishes.
- View diff — shows what has changed inside the container filesystem since it started (files added / modified / deleted).
- Logs — pull the last N lines of stdout/stderr from the container.
At the top of the page:
- Cleanup — pick a host and run a Docker prune: remove unused containers, unused images, optionally also unused volumes, optionally all images (not just dangling). Handy after a big image update.
Container detail
Section titled “Container detail”Opens a page with:
- Header — name, host, image, status, current CPU / RAM.
- Events timeline — starts, stops, restarts, health-check transitions.
- Latest scan panel — vulnerabilities by severity with links to fixes.
- Ports and volumes as declared in the runtime config.
- Logs panel — tail the last lines on demand.
How it works
Section titled “How it works”- The agent discovers containers by talking to the local Docker socket. No inbound network access to your Docker daemon is ever needed.
- Metrics (CPU %, memory, network I/O, PIDs) are refreshed each agent heartbeat.
- Image scans are delegated to the Akyros Labs codelake scanner — HostAtlas hands off the image reference, codelake returns the vulnerability report, and HostAtlas persists it for the container. You don’t need a separate codelake account; the integration is transparent.
- Start / stop / restart are queued through the agent and are idempotent — a stuck action clears on its own after a short timeout.
- Diff is a snapshot compare between the container’s current rootfs and its base image.
Related
Section titled “Related”- Servers — see all containers on a single host on the Containers tab of the server detail.
- Vulnerabilities — CVE findings across hosts, including images.
- Kubernetes — cluster-level container orchestration view.