1.0 Introduction
The article describes the Fortanix Key Insight user interface (UI) features for an on-premises containers infrastructure.
2.0 Terminology References
For Fortanix Key Insight – on-premises concepts and supported features, refer to On-premises Connection Concepts.
3.0 Overview
You can access the Overview page after successfully adding an on-premises connection.
The CONTAINERS tab on the Overview page displays the scanned cryptographic assets identified according to the applied Fortanix Key Insight policy.
For more information on the Fortanix Key Insight policy, refer to Cryptographic Policy Management.
NOTE
If the Overview page for containers does not display any data, configure the on-premises scanner. For more information, refer to On-premises Scanner Configuration.
In the containers UI, the order of tabs depends on the availability of resources in each tab (DATABASES, SOURCE CODE, CONTAINERS and FILE SYSTEMS). You will always see results in the first tab that has scanned data available. If no data is present at connection level, the default order is FILE SYSTEMS > DATABASES > SOURCE CODE > CONTAINERS.
If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight On-premises connection for containers, you will not be able to view data under the Overview, Assessments, Resources, Cryptographic Assets, or PQC Central pages. You will only have access to view and delete items within the Connections, Policy Center, and Authentication pages.
Figure 1: On-Premises connection containers overview
Click RESCAN to rescan the on-premises connection. For more information, refer to Section 5.0: Rescan an On-premises Connection.
Click ASSESSMENT REPORT to navigate to the Assessment page and view the assessment report. This report allows you to assess your cryptographic assets security posture to ensure the safety of your data. For more information, refer to Section 4.0: Assessments.
The Overview page is described in the following sections:
3.1 Discovered On-Premises Resources
This section provides the count of scanned on-premises infrastructures, including databases, file systems, source code repositories, and container images.
It also displays the count of the following in the scanned on-premises infrastructures:
Cryptographic assets
Keys
Certificates
Resources
NOTE
The total number of keys displayed in the Discovered On-premises Resources section is only the count of the “Current” key versions in the on-premises infrastructures.
Clicking the Cryptographic Assets, Keys, Certificates, and Resources labels navigates you to their list view.
3.2 Cryptography Bill of Materials (CBOM)
This section describes how to export cryptographic asset metadata from an on-premises infrastructure into a standardized CBOM JSON file. The exported CBOM format is useful for maintaining a cryptographic inventory, demonstrating regulatory compliance, and evaluating post-quantum cryptography (PQC) readiness.
To export the CBOM data, click EXPORT. The file named bom_report_<on-premises_scan_id>.json will be downloaded to your local machine, where on-premises_scan_id is a unique identifier generated for each on-premises connection scan.
For example,
The exported file adheres to the CycloneDX specification, including the following components:
bomFormat: Specifies the bill of materials format. For CBOM, this value is set toCycloneDX.specVersion: Indicates the version of the CycloneDX specification being used.version: Denotes the version of this specific CBOM file.components: Lists cryptographic components such as on-premises keys. Each entry includes details such as type, name, algorithm, associated services, and other relevant information.services: Describes the on-premises resources that interact with the listed cryptographic components. Each service includes details such as its name and unique ID.dependencies: Defines the relationships between keys and resources, representing how cryptographic elements are interconnected or used together.
NOTE
If your on-premises connection was last scanned before the Fortanix Key Insight 25.12 release and has not been rescanned since, you must perform a Rescan to ensure the correct export of CBOM data.
For more information on how to perform a rescan, refer to Section 5.0: Rescan an On-premises Connection.
3.3 Discovered Assets and Container images
This section provides a summary of the scanned container cryptographic assets and images, along with their counts.
To understand the list of supported cryptographic assets and their details, refer to the Structure and Cryptographic Asset Types section of the Authoritative Guide to CBOM.
Click each label to view the detailed list of the corresponding assets and images.
3.4 Top Asset Type
This section displays the top five cryptographic assets discovered in the on-premises container images.
Click VIEW ALL to see the complete list of cryptographic assets.
Click any label or count to view the detailed list of corresponding cryptographic assets.
3.5 Top Images by Asset Count
This section displays cryptographic assets discovered in the top five on-premises container images.
Click VIEW ALL to see the complete list of images and the associated cryptographic assets.
Click any label or count to view the detailed list of corresponding cryptographic assets.
4.0 Assessments
You can access the Fortanix Key Insight Assessment page for containers after the scan is performed, and on-premises cryptographic assets have been added.
The Assessment page shows:
How good or bad the security posture is for the Fortanix On-premises Scanner.
Violations that must be remediated to improve the security status.
Remediation advice to improve the security status.
.png?sv=2022-11-02&spr=https&st=2025-12-15T20%3A08%3A51Z&se=2025-12-15T20%3A29%3A51Z&sr=c&sp=r&sig=mYw0Y3%2F9CvvvsyR6AWFpxPM4Hj%2BljTrLGmAMMp43hLw%3D)
Figure 2: Containers assessment report
4.1 Risk Score
This section provides the overall risk score of the on-premises cryptographic assets for container images.
High – A high score signifies the total number of non-compliant assets in use.
The overall risk score is prioritized based on the number of risks, in order of severity from highest to lowest:
Critical
High
Medium
Good
Click each risk label or risk count to access its corresponding list view.
4.2 Asset Violation Across Top Container Images
This section provides insights into cryptographic violations across your on-premises container infrastructure.
You can view the total number of asset violations, along with the breakdown of the total number of violations discovered across individual on-premises container images. This information helps you identify at-risk resources, enabling you to implement unique, compliant, and encrypted cryptographic assets for enhanced security.
Also,
View risk levels for each cryptographic asset that are color-coded for easy identification.
Select VIEW ALL to navigate to the Resources page and explore individual violations for each image.
Click any image to view a detailed list of its top 10 violations, sorted by severity. Click each violation type to navigate to the corresponding list view.
Click BACK to return to the violations card view.
4.3 Top Security Issues
This section provides the following information:
Non-compliant assets: Displays the total number of assets that do not meet the established industry standards and compliance frameworks. It highlights assets that do not adhere to the required security practices and guidelines set forth by regulatory bodies and industry best practices. By identifying these non-compliant assets, this section helps identify the areas where asset management practices need improvement to ensure that they align with the necessary security and compliance requirements.
The non-compliant assets increase the data security risk. They will be flagged as vulnerabilities on the Cryptographic Assets page. Click the count to navigate to the list view.
PQC readiness: Indicates the percentage of your cryptographic assets that are currently quantum-safe, reflecting your source code environment's preparedness for post-quantum cryptography (PQC). This percentage represents the portion of assets using PQC-compliant algorithms or configurations.
4.4 Resource Violation
This section displays the top five violations with the count of their associated resources.
Click VIEW ALL to view the complete list of resources.
The Green color cell indicates the discovered images.
Click any label or count to view the detailed list of corresponding resources.
4.5 Download Assessment Report
Click DOWNLOAD REPORT on the top-right corner of the Assessment page to view the Data Security Assessment Report for the on-premises infrastructures such as databases, source code, containers, and filesystems in PDF format.
The report will open in the Print dialog box, where you can select to print it or save it locally to your machine as needed.
5.0 Rescan an On-Premises Connection
Click RESCAN on the top-right corner of the Overview page to perform a rescan and verify if any keys have been added, deleted, or updated in the Fortanix On-premises Scanner.
If you click RESCAN and start the scan, you can monitor its progress in the progress bar. After the scan is completed successfully.
After the scan is completed successfully,
The Last scanned label will be updated with the date and time of completion.
The Overview page will reflect the new state of the on-premises keys and resources.
NOTE
The RESCAN option is accessible only to users with the Account Administrator and Group Administrator roles.
The RESCAN option is available only when the on-premises connection status is Connected.
You can also click RESCAN on the Assessment page to perform the rescan. After the scan is completed, the Assessment page will reflect the new state of the on-premises resources.
6.0 Resources
After onboarding an on-premises connection with containers, navigate to Resources on the Fortanix Key Insight left navigation panel and select the CONTAINERS tab to view all scanned container images.
Figure 3: Access container resources
For every container image, you can view the information, such as image name, image ID, number of assets, hostname or IP address, and violations.
Click VIEW with the assets count to access all the cryptographic assets in the list view.
Click the violations count or icon to view the associated violations.
Use the Search field to filter keys based on the available criteria and supported values.
For example,
Image Name
Image ID
6.1 View Containers Resource Details
Click an image name in the resources list to view its properties and associated violations.
The RESOURCE DETAILS tab displays the resource configurations and discovered cryptographic assets details.
Figure 4: Access Container Resource Details
The VIOLATIONS tab displays the violations associated with the resource. Click VIEW ASSETS to navigate to the cryptographic assets list page with the appropriate filter applied.
Figure 5: Access containers violations
7.0 Cryptographic Assets
After onboarding an on-premises connection with container images, you can navigate to the CONTAINERS tab under Cryptographic Assets on the Fortanix Key Insight left navigation panel to view all scanned cryptographic assets from those images.
Figure 6: Access cryptographic assets list
For every on-premises repository, the table displays the cryptographic unique reference ID, asset name, asset type, and violations.
Click the violations count or icon to view the associated violations.
Use the Search field to filter the cryptographic assets using the available criteria and values:
For example:
Asset Name
Asset Type
Click EXPORT to export the cryptographic data in CSV format. For more information, refer to Section 8.0: Scanned Data Export.
7.1 View Cryptographic Assets Details
Click any unique reference ID of the cryptographic asset in the list to view its properties and associated violations.
The CRYPTOGRAPHIC ASSET DETAILS tab displays the cryptographic asset properties and associated locations. You can copy a location if needed. Click View More to see all locations.
Figure 7: Access the cryptographic assets details
The VIOLATIONS tab displays the violations associated with the cryptographic asset.
Figure 8: View cryptographic assets violations
8.0 Scanned Data Export
This feature allows you to export the scanned cryptographic assets and resource-related data from Fortanix Key Insight in Comma-Separated Values (CSV) format. Also, it provides flexibility, enabling you to download data for detailed analysis, audits, or reporting, and to access real-time status.
In the on-premises resources and cryptographic assets list view, click EXPORT to export the scanned data using any of the available options:
Figure 9: Access Data Export Feature
Export current page: Use this option to export all column data from the current page in CSV format.
NOTE
You can download a maximum of 100 items at a time, based on the settings specified in the Items per page drop down.
Export all raw data: Use this option to export all scanned data in CSV format. Review the details in the Export All Raw Data dialog box and click PROCEED to start the export.
After the export process begins, you can track its progress. The export status will be logged with a message under the Activities tab in Fortanix Key Insight. For more information, refer to Section 8.1: View Export Activities.
Export selected rows: This option is disabled by default. You can select the checkbox (
(2).png?sv=2022-11-02&spr=https&st=2025-12-15T20%3A08%3A51Z&se=2025-12-15T20%3A29%3A51Z&sr=c&sp=r&sig=mYw0Y3%2F9CvvvsyR6AWFpxPM4Hj%2BljTrLGmAMMp43hLw%3D)
) next to the required rows on the current page and then use this option to export only those rows in CSV format.
NOTE
Users with the Account Administrator and Group Administrator roles can only perform the scanned data export.
Within the same account, you can have multiple exports running simultaneously from different cloud and on-premises connections.
8.1 View Export Activities
After you initiate the export process using Export All Raw Data, you can track the export status in the Activities tab located in the left navigation panel of Fortanix Key Insight.
You can view the following details for each export:
Name of the activity.
Name of the file. For example, Containers_Cryptographic_Assets.csv.
Activity status: This indicates the current state of the data export. This can be,
Completed: The data export has been completed, and the CSV file will automatically download to the location specified on your local machine.
In Progress: The data export is in progress, and you can cancel it using
if required.Cancelled: The data export was cancelled, either manually or due to switching accounts while the export was in progress.
Failed: The data export did not complete successfully due to errors.
Name of the connection
Export creation date and time
Figure 10: Access containers activities
NOTE
If you switch to a different account during export, the export will be cancelled and logged in the Activities tab.
If you navigate to a different solution (for example, Fortanix Identity and Access Management (IAM)), the export will continue, but no logs will appear in the Activities tab. The export status will be confirmed using toast a message.
If you refresh the web page during the export, the confirmation dialog box will appear. If you refresh, the export will be cancelled, and all entries in the Activities tab will be removed. To avoid this, do not refresh the page during the export.