Container and image scanning for a platform-as-a-service system

US10152595B2 · US · B2

Patent metadata
Field               Value
Publication number  US-10152595-B2
Application number  US-201615167157-A
Country             US
Kind code           B2
Filing date         May 27, 2016
Priority date       Jan 26, 2015
Publication date    Dec 11, 2018
Grant date          Dec 11, 2018

Abstract

Official abstract text for this publication.

A method of container and image scanning includes storing at a central scan store of a multi-tenant system, an image scan result for a container image, the container image for executing functionality of applications and comprising layers, wherein the image scan result generated by a scan process comprising scanning a top layer of the container image, the remaining layers of the container image are immutable, verifying a clean status of the remaining layers of the container image with the central scan store, and transmitting the image scan result for the container image, the image scan result being clean in response to a clean result returned for the scanning and successful verification of the clean status of the remaining layers. The method further includes responsive to receiving a container image scan result request for the container image, transmitting the image scan result for the container image.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: storing at a central scan store of a multi-tenant system, an image scan result for a container image, the container image for executing functionality of multiple applications and comprising multiple layers, wherein the image scan result generated by a scan process at a first processing device, the scan process comprising: scanning, by the first processing device, a top layer of the container image, wherein the remaining layers of the container image are immutable; verifying, by the first processing device, a clean status of the remaining layers of the container image with the central scan store; and transmitting, by the first processing device, the image scan result for the container image, the image scan result being clean in response to both of a clean result returned for the scanning and successful verification of the clean status of the remaining layers; and responsive to receiving a container image scan result request from a second processing device for the container image, transmitting the image scan result for the container image to the second processing device.

2. The method of claim 1, wherein the container image to provide the functionality for the multiple applications on nodes of the multi-tenant system.

3. The method of claim 1, wherein the scanning to detect patterns defined by a definition file of the scan process.

4. The method of claim 3, wherein the clean result comprises no patterns detected in the top layer of the container image.

5. The method of claim 3, further comprising in response to detecting one of the patterns in the top layer of the container image, transmitting a takedown signal to one or more nodes executing instances of the container image.

6. The method of claim 1, further comprising in response to an absence of a clean status for at least one of the remaining layers in the central scan store: repeating the scanning for each of the at least one of the remaining layers; and storing a result of the scanning for each of the at least one of the remaining layers in the central scan store.

7. The method of claim 1, wherein the image scan result comprises at least an identifier comprising a checksum of the scanned layer of the container image, an identification of the scan process, a version of a definition file used by the scan process, and a result of the scan process.

8. The method of claim 1, further comprising receiving, at the central scan store, at least one of other image scan results or communications from computing devices managed by entities external to the multi-tenant system.

9. A method comprising: maintaining container images for a plurality of applications, the container images for executing functionality of the plurality of applications and comprising multiple layers, each layer of each container image corresponding to a clean scan result generated by a scan process at a first processing device, the scan process comprising: scanning, by the first processing device, a top layer of the container image, wherein the remaining layers of the container image are immutable; verifying, by the first processing device, a clean status of the remaining layers of the container image with a central scan store; and transmitting, by the first processing device, the image scan result for the container image to the central scan store, the image scan result being clean in response to both of a clean result returned for the scanning and successfully verifying the clean status of the remaining layers; and responsive to receiving a request for one of the container images from a second processing device, transmitting the requested container image to the second processing device.

10. The method of claim 9, wherein the first processing device performs the scan process on each maintained container image in response to receiving a new definition file for the scan process.

11. The method of claim 9, wherein transmitting the requested container image further comprises transmitting the image scan result for the container image.

12. A system comprising: a memory; a processing device communicably coupled to the memory, the processing device to: store at a central scan store of a multi-tenant system, an image scan result for a container image, the container image for executing functionality of multiple applications and comprising multiple layers, wherein the image scan result generated by a scan process at a processing device, the scan process comprising the processing device to: scan a top layer of the container image, wherein the remaining layers of the container image are immutable; verify a clean status of the remaining layers of the container image with the central scan store; and transmit the image scan result for the container image, the image scan result being clean in response to both of a clean result returned for the scanning and successful verification of the clean status of the remaining layers; and responsive to receiving a container image scan result request for the container image, transmit the image scan result for the container image to an originator of the request.

13. The system of claim 12, wherein the container image to provide the functionality for the multiple applications on nodes of the multi-tenant system.

14. The system of claim 12, wherein the processing device to scan the top layer causes the processing device to detect patterns defined by a definition file of the scan process.

15. The system of claim 14, wherein the clean result comprises no patterns detected in the top layer of the container image.

16. The system of claim 14, wherein the processing device is further to, in response to detecting one of the patterns in the top layer of the container image, transmit a takedown signal to one or more nodes executing instances of the container image.

17. A non-transitory machine-readable storage medium including instructions that, when accessed by a processing device, cause the processing device to: maintain container images for a plurality of applications, the container images for executing functionality of the plurality of applications and comprising multiple layers, each layer of each container image corresponding to a clean scan result generated by a scan process at a first processing device, the scan process comprising: scanning, by the first processing device, a top layer of the container image, wherein the remaining layers of the container image are immutable; verifying, by the first processing device, a clean status of the remaining layers of the container image with a central scan store; and transmitting, by the first processing device, the image scan result for the container image to the central scan store, the image scan result being clean in response to both of a clean result returned for the scanning and successfully verifying the clean status of the remaining layers; and responsive to receiving a request for one of the container images from a second processing device, transmit the requested container image to the second processing device.

18. The non-transitory machine-readable storage medium of claim 17, wherein the first processing device performs the scan process on each maintained container image in response to receiving a new definition file for the scan process.

19. The non-transitory machine-readable storage medium of claim 17, wherein transmitting the requested container image further comprises transmitting the image scan result for the container image.

20. The non-transito
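The claims above describe one scan procedure: scan only the top layer of an image, look up the clean status of the immutable lower layers in a central scan store keyed by layer checksum, scanner and definition-file version (claim 7), rescan and store any layer without a status (claim 6), report the image clean only when both parts succeed (claim 1), and signal nodes running a dirty image (claim 5). The Python below is an added illustration of that procedure, not code from the patent or from Red Hat. The class and function names, the byte-substring "definition file" and the sample layers are all constructed for this example; keying results on the definition version is what makes a new definition file force a full rescan (claim 10), and a tampered lower layer changes its checksum, so it never inherits the stored clean status of the original.

```python
"""Layer-aware container image scanning against a central scan store.

Constructed illustration of the scan process in the claims above; not code from
the patent or from Red Hat. All names, the byte-substring "definition file" and
every sample layer are assumptions made for this example.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class ScanResult:
    """One stored result, carrying the four fields listed in claim 7."""
    checksum: str              # checksum of the scanned layer (or of the image)
    scanner_id: str            # identification of the scan process
    definition_version: str    # version of the definition file used
    clean: bool                # result of the scan


class CentralScanStore:
    """In-memory stand-in for the multi-tenant central scan store."""

    def __init__(self) -> None:
        self._results: Dict[Tuple[str, str, str], ScanResult] = {}

    def put(self, result: ScanResult) -> None:
        key = (result.checksum, result.scanner_id, result.definition_version)
        self._results[key] = result

    def get(self, checksum: str, scanner_id: str,
            definition_version: str) -> Optional[ScanResult]:
        """Answer a scan-result request; None means nothing is on record."""
        return self._results.get((checksum, scanner_id, definition_version))


def layer_checksum(layer: bytes) -> str:
    """Content address of one layer; an immutable layer keeps a stable value."""
    return hashlib.sha256(layer).hexdigest()


def image_id(layers: List[bytes]) -> str:
    """Identifier for a whole image: hash of its ordered layer checksums."""
    chain = "".join(layer_checksum(layer) for layer in layers)
    return hashlib.sha256(chain.encode()).hexdigest()


class Scanner:
    """The 'first processing device': scans the top layer, verifies the rest."""

    def __init__(self, scanner_id: str, definition_version: str,
                 patterns: Iterable[bytes], store: CentralScanStore) -> None:
        self.scanner_id = scanner_id
        self.definition_version = definition_version
        self.patterns = list(patterns)   # toy definition file: byte substrings
        self.store = store
        self.layer_scans = 0             # real scans performed, to show reuse

    def _scan_layer(self, layer: bytes) -> ScanResult:
        """Scan one layer; clean means no pattern matched (claim 4)."""
        self.layer_scans += 1
        clean = not any(p in layer for p in self.patterns)
        result = ScanResult(layer_checksum(layer), self.scanner_id,
                            self.definition_version, clean)
        self.store.put(result)
        return result

    def _verify_layer(self, layer: bytes) -> bool:
        """Reuse a stored status for this definition version; otherwise rescan
        the layer and store the result (claim 6)."""
        cached = self.store.get(layer_checksum(layer), self.scanner_id,
                                self.definition_version)
        if cached is None:
            cached = self._scan_layer(layer)
        return cached.clean

    def scan_image(self, layers: List[bytes]) -> ScanResult:
        """layers[-1] is the top layer; the layers below it are immutable.
        The image is clean only when the top-layer scan is clean AND every
        lower layer has a clean status in the store (claim 1)."""
        *lower, top = layers
        top_clean = self._scan_layer(top).clean
        lower_status = [self._verify_layer(layer) for layer in lower]
        result = ScanResult(image_id(layers), self.scanner_id,
                            self.definition_version, top_clean and all(lower_status))
        self.store.put(result)   # served later on scan-result requests
        return result


def takedown_targets(result: ScanResult, running: Dict[str, str]) -> List[str]:
    """Claim 5: nodes running instances of an image whose result is not clean.
    `running` maps node name -> image_id of the instance it executes."""
    if result.clean:
        return []
    return sorted(node for node, img in running.items() if img == result.checksum)
```

With a three-layer image, the first scan touches all three layers; a second build that changes only the top layer costs one scan, because the two lower layers verify against the store. A scanner created with a newer definition version finds no matching entries and rescans everything, and a modified lower layer is rescanned because its checksum no longer matches any stored status.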

Assignees

Red Hat Inc

Inventors

Classifications

  • Starting, stopping, suspending or resuming virtual machine instances · CPC title

  • Creating, deleting, cloning virtual machine instances · CPC title

  • Software deployment · CPC title

  • G06F21/562 (primary) · Static detection · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10152595B2 cover?
A method of container and image scanning includes storing at a central scan store of a multi-tenant system, an image scan result for a container image, the container image for executing functionality of applications and comprising layers, wherein the image scan result generated by a scan process comprising scanning a top layer of the container image, the remaining layers of the container image …
Who is the assignee on this patent?
Red Hat Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/562. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 11, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).