Aqua Dynamic Threat Analysis (DTA) is a container security sandbox that analyzes container images to detect advanced malware and malicious behavior before deployment to production environments. The product scans container images from registries and CI pipelines to identify threats that may activate in production. The solution executes containers in an isolated sandbox environment to observe runtime behavior and detect indicators of compromise including container escapes, reverse shell backdoors, cryptocurrency miners, code injection backdoors, and data exfiltration attempts. It provides detailed tracing of all container activities and network communications. Aqua DTA maps detected behaviors to the MITRE ATT&CK framework, enabling security teams to understand attack kill chains and identify infrastructure weaknesses. The product tracks network activity between containers and external destinations, including command and control servers and data exfiltration endpoints. The solution integrates into CI/CD pipelines and container registries to shift security left in the development lifecycle. It supports compliance requirements for container security standards such as NIST SP 800-218 by verifying images are free of malware, misconfigurations, and vulnerabilities that could compromise the software supply chain.