Whilst I was upgrading some of my Ubuntu boxes the other day, I noticed a new plugin - docker-scan-plugin - in the list of things being upgraded.
A quick Google brought me this: -
Vulnerability scanning for Docker local images
Having since upgraded Docker on my Mac: -
docker version
Client: Docker Engine - Community
Cloud integration: 1.0.12
Version: 20.10.5
API version: 1.41
Go version: go1.13.15
Git commit: 55c4c88
Built: Tue Mar 2 20:13:00 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.5
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 363e9a8
Built: Tue Mar 2 20:15:47 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Cloud integration: 1.0.12
Version: 20.10.5
API version: 1.41
Go version: go1.13.15
Git commit: 55c4c88
Built: Tue Mar 2 20:13:00 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.5
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 363e9a8
Built: Tue Mar 2 20:15:47 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
I checked my available images: -
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 388056c9a683 6 days ago 1.23MB
tekton-lint latest b79680846c0c 10 days ago 93.1MB
and then scanned one of them: -
docker scan busybox
Docker Scan relies upon access to Snyk, a third party provider, do you consent to proceed using Snyk? (y/N)
y
Testing busybox...
Organization: undefined
Package manager: linux
Project name: docker-image|busybox
Docker image: busybox
Platform: linux/amd64
✓ Tested busybox for known vulnerabilities, no vulnerable paths found.
Note that we do not currently have vulnerability data for your image.
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
Definitely a nice capability to have in the kitbag - we're also using IBM Container Registry's built-in Vulnerability Advisor tool, but more insights are better than fewer ....
No comments:
Post a Comment