Scan the image with Aqua Microscanner.
docker microscan --token TOKEN IMAGE
$ docker clip add lukaszlach/clips:microscanScan any image with the docker microscan command, if it is not available locally it will be pulled automatically. The newest version of Aqua Microscanner is downloaded on every scan (~30MB) so that it is always valid and able to communicate with the security database.
$ docker microscan --token MTdmYcM5ODa1NmMd alpine:3.9
...
"vulnerability_summary": {
"total": 0,
"high": 0,
"medium": 0,
"low": 0,
"negligible": 0,
"sensitive": 0,
"malware": 0
},
...
No critical vulnerabilities found in alpine:3.9
$ docker microscan --token MTdmYcM5ODa1NmMd debian:stretchTo use MicroScanner you'll first need to register for a token.
You can also scan the image from a local Docker Registry:
$ docker microscan --token MTdmYcM5ODa1NmMd \
local.registry.com/image:tagPlugin needs to install ca-certificates inside the container before the scanning process.
Below package managers are supported:
- apt (Debian, Ubuntu)
- apk (Alpine)
- dnf (Fedora)
- yum (CentOS)