ConPan is a tool that analyzes software packages in Docker containers. It identifies outdated and vulnerable packages. The motivation is that outdated packages often contain security vulnerabilities, and vulnerabilities are a main barrier to adopting containers in production. ConPan scans Docker images and produces results about which packages are outdated and may contain vulnerabilities based on data for different package managers like Debian. It can be run from the command line or via an API.