Docker Image Scanning
- In CI/CD Pipelines we build docker images, so we are expected to scan images for vulnerabilities.
- Docker has its own scan as part of its command line
- To perform more extensive scanning, organizations opt for third-party tools
- Refer to the two-part articles below
- CIS benchmark for docker Refer Here
- Scanning for vulnerabilities for docker local images Refer Here
- Docker images are stored in registries (Docker Hub, Elastic Container Registry, Azure Container Registry), and all of them support image scanning.
Sample Scanning of Docker images in Registries
- Sample Dockerfile
    FROM httpd
    EXPOSE 80
- After installing docker on the build server
- Create a repository in AWS ECR and select the option to scan on push
- After building the Docker image, when we push it, the report will be ready
- Configuration required on your build server
- In Azure, let's do this activity after some time.
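
A build-server gate for the ECR scan-on-push report described above, added here as an example and not part of the original notes. It assumes the report was saved as JSON from `aws ecr describe-image-scan-findings`; the repository name, tag, counts and the `gate` helper are constructed for illustration.

```python
import json
import sys

# Severities ECR reports, most severe first. UNDEFINED last is an assumption.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNDEFINED"]

# Constructed sample, shaped like the JSON printed by:
#   aws ecr describe-image-scan-findings --repository-name <repo> --image-id imageTag=<tag>
SAMPLE_REPORT = json.loads("""
{
  "repositoryName": "example/httpd",
  "imageId": {"imageTag": "build-1"},
  "imageScanStatus": {"status": "COMPLETE"},
  "imageScanFindings": {
    "findingSeverityCounts": {"HIGH": 2, "MEDIUM": 7, "LOW": 11}
  }
}
""")


def gate(report, fail_at="HIGH"):
    """Return (passed, reason) for one ECR scan report.

    Fails closed: a scan that is missing, still running or failed blocks
    the build instead of being treated as "no findings".
    """
    status = report.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        return False, f"scan status is {status!r}, no report to evaluate"
    counts = report.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    # Every severity from the top of the ranking down to the threshold blocks.
    blocking = SEVERITY_ORDER[: SEVERITY_ORDER.index(fail_at) + 1]
    hits = [f"{sev}={counts[sev]}" for sev in blocking if counts.get(sev, 0) > 0]
    if hits:
        return False, "blocking findings: " + ", ".join(hits)
    return True, f"no findings at or above {fail_at}"


if __name__ == "__main__":
    # Build-server usage: python gate.py report.json (no argument uses the sample).
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    passed, reason = gate(report)
    print(("PASS: " if passed else "FAIL: ") + reason)
    sys.exit(0 if passed else 1)
```

The non-zero exit code is what makes the pipeline stage fail, so the push alone does not promote an image with blocking findings.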