DevOps Classroomnotes 28/Aug/2022

Docker Image Scanning

  • In CI/CD Pipelines we build docker images, so we are expected to scan images for vulnerabilities.
  • Docker has its own scan as part of its command line
  • To perform extensive Scanning Organizations opt for third party tools
  • Refer the below two part articles
  • CIS benchmark for docker Refer Here
  • Scanning for vulnerabilities for docker local images Refer Here
  • Docker images are store in Registries (Docker Hub, Elastic Container Registry, Azure Container Registry) and all of them support image scanning.

Sample Scanning of Docker images in Registries

AWS ECR

  • Sample Dockerfile
FROM httpd
EXPOSE 80
  • After installing docker on the build server
  • Create a repository in AWS ECR and select the option to scan on push
  • After building the docker image, when we push the report will be ready
    Preview
  • Configuration required on your build server
  • In Azure, lets do this activity after some time.

Linux Vulnerability Scanning

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About continuous learner

devops & cloud enthusiastic learner