Docker Image Scanning
- In CI/CD pipelines we build Docker images, so we are expected to scan those images for vulnerabilities before they are deployed.
- Docker's own command line includes an image scan command.
- For more extensive scanning, organizations opt for third-party tools:
- Aqua Security
- ECR Scanning Refer Here
- Microsoft Defender for Image Scanning Refer Here
- Qualys Refer Here
- Refer to the two-part article below:
- part 1 Refer Here
- part 2 Refer Here
- CIS Benchmark for Docker Refer Here
- Scanning local Docker images for vulnerabilities Refer Here
- Docker images are stored in registries (Docker Hub, Amazon Elastic Container Registry, Azure Container Registry), and all of them support image scanning.
Sample Scanning of Docker images in Registries
AWS ECR
- Sample Dockerfile

```dockerfile
# Base image: the official Apache httpd image from Docker Hub
FROM httpd
# Document the port the web server listens on
EXPOSE 80
```
- After installing Docker on the build server
- Create a repository in AWS ECR and select the "scan on push" option
- After building the Docker image, push it; the scan report will be ready when the push completes
- Configuration required on your build server
- aws cli Refer Here
- Create an IAM user and configure Refer Here
- Execute
aws configure
- We will do the same activity in Azure later.
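The ECR steps above (create a repository with scan on push, build, push, read the report) can be driven end to end from the build server. The script below is an added example, not code from the original page or from AWS; it assumes the AWS CLI and Docker are installed, that `aws configure` has been run with an IAM identity allowed to create repositories and push images, and it uses placeholder values for the account id, region, repository name and tag. It goes one step beyond the text by gating the pipeline on the severity counts that `describe-image-scan-findings` returns, so a build with findings at or above a chosen severity fails instead of silently passing. `SAMPLE_SCAN` is a constructed copy of that output so the gating logic can be exercised offline.

```python
"""Push an image to AWS ECR with scan-on-push and gate the pipeline on the findings.

Added example (not from the original page). Assumptions: AWS CLI and Docker are
installed, `aws configure` has been run with an IAM identity that may create
repositories and push images, and the account id, region, repository name and
tag below are placeholders.
"""
import json
import subprocess
import sys

ACCOUNT_ID = "123456789012"   # placeholder account id
REGION = "us-east-1"          # placeholder region
REPO = "httpd-scan-demo"      # placeholder repository name
TAG = "build-1"               # placeholder image tag

# ECR finding severities from least to most serious. UNDEFINED (no CVSS score)
# is placed last on purpose so that an unscored finding still blocks the build.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL", "UNDEFINED"]

# Constructed sample of `aws ecr describe-image-scan-findings` output (trimmed).
SAMPLE_SCAN = {
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {"findingSeverityCounts": {"HIGH": 2, "MEDIUM": 5, "LOW": 1}},
}


def run(cmd, stdin=None):
    """Run a CLI command and return its stdout, raising on a non-zero exit."""
    return subprocess.run(cmd, input=stdin, check=True, capture_output=True, text=True).stdout


def ensure_repository():
    """Create the ECR repository with scan-on-push enabled (idempotent)."""
    try:
        run(["aws", "ecr", "create-repository", "--repository-name", REPO,
             "--image-scanning-configuration", "scanOnPush=true", "--region", REGION])
    except subprocess.CalledProcessError as exc:
        if "RepositoryAlreadyExistsException" not in exc.stderr:
            raise
        # Repository already exists: make sure scan-on-push is switched on.
        run(["aws", "ecr", "put-image-scanning-configuration", "--repository-name", REPO,
             "--image-scanning-configuration", "scanOnPush=true", "--region", REGION])


def build_and_push():
    """Build from the local Dockerfile, log in to ECR, then push the tagged image."""
    registry = f"{ACCOUNT_ID}.dkr.ecr.{REGION}.amazonaws.com"
    image = f"{registry}/{REPO}:{TAG}"
    password = run(["aws", "ecr", "get-login-password", "--region", REGION])
    run(["docker", "login", "--username", "AWS", "--password-stdin", registry], stdin=password)
    run(["docker", "build", "-t", image, "."])
    run(["docker", "push", image])
    return image


def fetch_findings():
    """Wait for the push-triggered scan to finish and return its findings as a dict."""
    run(["aws", "ecr", "wait", "image-scan-complete", "--repository-name", REPO,
         "--image-id", f"imageTag={TAG}", "--region", REGION])
    return json.loads(run(["aws", "ecr", "describe-image-scan-findings", "--repository-name", REPO,
                           "--image-id", f"imageTag={TAG}", "--region", REGION]))


def gate(scan_result, fail_on="HIGH"):
    """Return (passed, severity_counts).

    The build fails when any finding is at or above `fail_on`, or when the scan
    did not reach COMPLETE (a failed or pending scan must never count as clean).
    """
    status = scan_result.get("imageScanStatus", {}).get("status")
    counts = scan_result.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    if status != "COMPLETE":
        return False, counts
    threshold = SEVERITY_ORDER.index(fail_on)
    blocking = sum(n for sev, n in counts.items()
                   if sev in SEVERITY_ORDER and SEVERITY_ORDER.index(sev) >= threshold)
    return blocking == 0, counts


if __name__ == "__main__":
    ensure_repository()
    print("pushed", build_and_push())
    passed, counts = gate(fetch_findings(), fail_on="HIGH")
    print("severity counts:", counts)
    sys.exit(0 if passed else 1)
```

Run it from the directory containing the Dockerfile; the exit code is what the CI job should key on. Treating a non-COMPLETE scan as a failure is deliberate: ECR basic scanning can report `FAILED` (for example on an unsupported base image), and a gate that only counts findings would let such an image through unscanned.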
Linux Vulnerability Scanning
- Scanning Linux for vulnerabilities Refer Here
- Nessus Refer Here
- OpenVAS Refer Here
