Recently, the use of application containers has become an increasingly popular way of executing applications on a host computer. A container provides for the isolation of a group of processes from the others on an operating system. By making use of existing operating system functionality (such as Linux name spaces), containers maintain their own private view of the operating system, file system structure, and network interfaces. Containers share the operating system kernel with other processes, but can be constrained to some extent to use an amount of resources such as the central processing unit (CPU), random access memory (RAM), or input/output (I/O) devices. Containers have proven advantageous because they typically have a small system “footprint.” That is, containers provide a relatively thin encapsulation layer above and beyond any applications contained therein. Thus, instantiation and deployment of containers is relatively quick.
Security scanning involves scanning system or application files for viruses, malware, or other threats. Because disk data for virtual machines are stored in virtual machine disk files, security scanning at least partially involves scanning the virtual machine disk files. Further, because virtual machines may execute containers, if security scanning for containers is desired, then the virtual machine disk file is scanned. Unfortunately, if scanning for a single container or only a few containers is desired, then an entire virtual machine disk file is scanned. Because this may result in a large amount of unnecessary scanning, which would waste computing resources, it would be advantageous if scanning could be performed in a more efficient manner.