Containerized software discover and identification can include discovering a plurality of container remnants by electronically scanning portions of computer memory of at least one computer system of one or more of computing nodes, the portions of computer memory being allocated to persistent storage of computer data, and each container remnant containing computer data providing a record of system-generated execution attributes generated in response to execution of one or more containerized applications. One or more inactive container remnants unutilized by a currently running containerized application can be identified among the plurality of container remnants. Each inactive container remnant can be categorized, the categorizing being based on system-generated execution attributes contained in each inactive container remnant. Based on the categorizing, a previously run containerized application can be identified by reference to a database comprising data whose structures map identities of containerized applications to patterns of execution attributes.