Skip to content
Last updated July 2, 2026

Docker Containers

Containers is the cross-fleet view of every Docker container the agent has found — regardless of which host runs it. If you have Docker installed anywhere in the fleet, this is where it shows up.

At /containers the header shows the total container count across how many hosts, plus a stopped-count callout. The table lists:

  • Container name
  • Image and tag
  • Host it runs on (link to the server detail)
  • Status — running / stopped / paused / restarting
  • Ports exposed
  • CPU and memory usage
  • Uptime
  • Last scanned — timestamp of the most recent image scan

Filters cover host, image, and status.

Per container (three-dot menu on each row, or on the detail page):

  • Start / Stop / Restart — the action is sent to the host’s agent and reflected in the row within a couple of heartbeats.
  • Scan image — kicks off a CVE scan of the image. Results appear on the container detail once the scan finishes.
  • View diff — shows what has changed inside the container filesystem since it started (files added / modified / deleted).
  • Logs — pull the last N lines of stdout/stderr from the container.

At the top of the page:

  • Cleanup — pick a host and run a Docker prune: remove unused containers, unused images, optionally also unused volumes, optionally all images (not just dangling). Handy after a big image update.

Opens a page with:

  • Header — name, host, image, status, current CPU / RAM.
  • Events timeline — starts, stops, restarts, health-check transitions.
  • Latest scan panel — vulnerabilities by severity with links to fixes.
  • Ports and volumes as declared in the runtime config.
  • Logs panel — tail the last lines on demand.
  • The agent discovers containers by talking to the local Docker socket. No inbound network access to your Docker daemon is ever needed.
  • Metrics (CPU %, memory, network I/O, PIDs) are refreshed each agent heartbeat.
  • Image scans are delegated to the Akyros Labs codelake scanner — HostAtlas hands off the image reference, codelake returns the vulnerability report, and HostAtlas persists it for the container. You don’t need a separate codelake account; the integration is transparent.
  • Start / stop / restart are queued through the agent and are idempotent — a stuck action clears on its own after a short timeout.
  • Diff is a snapshot compare between the container’s current rootfs and its base image.
  • Servers — see all containers on a single host on the Containers tab of the server detail.
  • Vulnerabilities — CVE findings across hosts, including images.
  • Kubernetes — cluster-level container orchestration view.
Was this page helpful?