Previously I shared how you can scan your Python code for security issues. However, with the increased use of containers in network automation, I wanted to also share with you a way to locally scan your Docker images for security issues/vulnerabilities using the Docker Scan feature.

Docker Scan (Docker Desktop Edge only) scans your local Docker image and returns a list of Common Vulnerabilities and Exposures (CVEs) and available fixes (if available).

Here's an example:

$ docker scan grafana/grafana:latest     

Testing grafana/grafana:latest...

✗ Low severity vulnerability found in apk-tools/apk-tools
  Description: CVE-2021-30139
  Info: https://snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1246338
  Introduced through: apk-tools/apk-tools@2.10.5-r1
  From: apk-tools/apk-tools@2.10.5-r1
  Fixed in: 2.10.6-r0

...

Tested 34 dependencies for known issues, found 1 issue.

You can also include the Dockerfile as part of your scan (shown below), which will result in the vulnerabilities being mapped to the relating Dockerfile commands that introduced them. Love it!

$ docker scan --file Dockerfile grafana/grafana:latest

It's worth noting that you get 10 scans a month by default, which can be increased to 200 scans per month (for free) by logging into the vulnerability scanner provider (snyk.io), like so:

docker scan --login

And there you go! A quick and easy way to security check your Docker images before running or pushing up to your Docker repos.

Master Network Automation
Join today and get access to:
  • Full deep-dive course library (inc. Batfish, pyATS, Netmiko)
  • Code repositories inc. full course code, scripts and examples
  • 24x7 Multi-vendor labs (Arista, Cisco, Juniper)
  • Private online community
  • Tech demos and sessions

100% Satisfaction Guaranteed!
Cancel your membership at any time.


Learn More