 Your application's container image may itself be based on container images that contain known vulnerabilities. By including an extra job in your pipeline that scans for those vulnerabilities and displays them in a merge request. You can use GitLab to audit your container-based applications. Here's a merge request which contains container scanning. Click on Expand to expand the security scanning and see that container scanning has detected 13 potential vulnerabilities. They are all sorted by severity. If we go ahead and click on Vulnerability, we get a pop-up giving us detailed information on that vulnerability and how to resolve it. We also get the option to dismiss it and leave a comment for the security team to review or to create a confidential issue in order to collaborate on it later.