Docker Scout Security for your Container images
Docker Scout Command Line Reference
Docker Scout is a tool designed to enhance the security of your software supply chain by analyzing your container images. It creates a detailed inventory of the components within your images, known as a Software Bill of Materials (SBOM). This SBOM is then checked against a continuously updated vulnerability database to identify any security weaknesses.
Docker Scout is versatile and can be used with Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. It also integrates with third-party systems like container registries and CI platforms. Essentially, it helps you proactively manage and mitigate vulnerabilities in your container images, ensuring your applications are more secure before they hit production.
Container Images in the Cloud
When you pull an image into Docker, you want to know whether it is secure before using it.
This is where Docker Scout comes in.
With Docker Scout we will analyze the Container Image.
The scan result shows 0 vulnerabilities, so the image can be used.
SBOM with 135 packages and no vulnerabilities found.
Now I can run my Kali Linux container after the security vulnerability check with Docker Scout.
But there are also images available whose SBOM contains vulnerable packages, for example because they are not up-to-date and behind on patching. This is why Docker Scout is a very handy security tool to keep your images secure and warn you when security remediation is needed. So don’t pull and run container images in a hurry; first check your container image with Docker Scout!
This container was also pulled from the cloud and has vulnerabilities because software packages in the container image are not up-to-date.
Important vulnerabilities found by Docker Scout analyzer!
Click on View Packages and CVEs
The vulnerabilities in this Container image.
You can go deeper into the CVEs.
Here you see the links to the CVEs.
Here you see the fix version of the vulnerability.
Click on the CVE-2024-5535 link for more info.
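The CLI counterpart of the dashboard walkthrough above, as an added example that is not from the original post or from Docker: export the findings with `docker scout cves --format sarif --output scout.sarif <image>` and gate a CI step on the result. The SARIF document embedded below is constructed (the CVE id is the one from the post, the package and versions are made up), and treating SARIF level `error` as the blocking level is an assumption, since the page does not state how Scout maps its severities to SARIF levels.

```python
"""Gate a container image on Docker Scout findings exported as SARIF.

Produce the input file with the Docker Scout CLI (not run here):
    docker scout cves --format sarif --output scout.sarif <image>
"""
import json
from dataclasses import dataclass

# Constructed minimal SARIF sample standing in for a real scout.sarif.
# Package name and version numbers are made up for illustration.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "docker scout", "rules": [
            {"id": "CVE-2024-5535", "shortDescription": {"text": "CVE-2024-5535 (constructed)"}},
            {"id": "CVE-0000-0001", "shortDescription": {"text": "placeholder low finding"}},
        ]}},
        "results": [
            {"ruleId": "CVE-2024-5535", "level": "error",
             "message": {"text": "openssl 3.0.1 affected; fixed in 3.0.14 (constructed)"}},
            {"ruleId": "CVE-0000-0001", "level": "note",
             "message": {"text": "placeholder low severity finding"}},
        ],
    }],
})


@dataclass
class Finding:
    rule_id: str
    level: str
    message: str


def load_findings(sarif_text: str) -> list[Finding]:
    """Flatten every result of every run into Finding records."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            findings.append(Finding(
                rule_id=res.get("ruleId", "?"),
                level=res.get("level", "warning"),  # SARIF default when omitted
                message=res.get("message", {}).get("text", ""),
            ))
    return findings


def blocking_findings(findings, block_levels=("error",)):
    """Assumption: level 'error' marks the findings that must block a build."""
    return [f for f in findings if f.level in block_levels]


def gate(sarif_text: str) -> int:
    """Return 0 when the image may be used, 2 when blocking findings exist."""
    blocking = blocking_findings(load_findings(sarif_text))
    for f in blocking:
        print(f"BLOCK {f.rule_id}: {f.message}")
    return 2 if blocking else 0
```

Run `gate()` over the exported file in the pipeline step that follows the pull, so an image with unfixed blocking CVEs never reaches a running state.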
Remediation with Docker Scout is currently in Beta at the moment when I’m writing this blog post. Here you find more information on the Docker docs.
Conclusion
I always say Security by Design. Docker Scout helps you keep your container images as secure as possible before your containers are in a running state.
Keep your images in your cloud registries up-to-date and clean of vulnerabilities in your packages (SBOM). I really like how Docker is improving the product in a secure way with Docker Scout and making it easy for DevOps, developers and security people to keep compliance in place and to understand why it’s important not to run public images straight from the cloud because of the risks. Here you find more information about Docker Scout:
Docker Scout integration with other Systems or Container repositories
Get started with Policy Evaluation in Docker Scout