Scan Docker images for vulnerabilities with Docker CLI and Snyk
source link: https://thorsten-hans.com/scan-docker-images-for-vulnerabilities-with-docker-cli-and-snyk
Scanning Docker images for vulnerabilities
Invoke docker scan, followed by the name and tag of the desired Docker image, to scan a Docker image. For example, create a new Docker image using a (quite dated) Node.js base image as shown here:
FROM node:7-alpine
Use docker build . -t sample:0.0.1 to build the Docker image, then start a vulnerability scan of that image by executing docker scan:
# scan Docker image sample:0.0.1 for vulnerabilities
docker scan sample:0.0.1
Testing sample:0.0.1...
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-373420
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2q-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-373830
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2o-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-373939
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2m-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374112
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2n-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374229
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2m-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374280
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2o-r2
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374450
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2q-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374514
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2n-r0
✗ Medium severity vulnerability found in openssl/libcrypto1.0
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374732
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2o-r0
✗ High severity vulnerability found in openssl/libcrypto1.0
Description: Key Management Errors
Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-374005
Introduced through: openssl/[email protected], openssl/[email protected], apk-tools/[email protected]
From: openssl/[email protected]
From: openssl/[email protected] > openssl/[email protected]
From: apk-tools/[email protected] > openssl/[email protected]
and 2 more...
Fixed in: 1.0.2o-r1
✗ High severity vulnerability found in musl/musl
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-ALPINE34-MUSL-291884
Introduced through: musl/[email protected], busybox/[email protected], alpine-baselayout/[email protected], openssl/[email protected], openssl/[email protected], zlib/[email protected], apk-tools/[email protected], gcc/[email protected], musl/[email protected], pax-utils/[email protected], libc-dev/[email protected]
From: musl/[email protected]
From: busybox/[email protected] > musl/[email protected]
From: alpine-baselayout/[email protected] > musl/[email protected]
and 10 more...
Fixed in: 1.1.14-r16
Organization: ****
Package manager: apk
Project name: docker-image|sample
Docker image: sample:0.0.1
Platform: linux/amd64
Tested 13 dependencies for known vulnerabilities, found 11 vulnerabilities.
Alpine 3.4.6 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates.
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
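The report above is plain text, so wiring docker scan into a CI job means either using the command's exit code or parsing the output. The following added example (written for this page, not code from the article or from Snyk) parses the text format shown above into structured findings, counts them by severity, lists which ones already have a fix available, and decides whether a build should fail against a severity threshold. The embedded report is constructed for the example: it reuses two Info URLs from the output above, but the package versions and the third finding are made-up sample values, and the "no Fixed in line" case is included to show how an unfixed finding is handled.

```python
"""Parse the text report printed by `docker scan` (Snyk) and gate a build on it."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample report in the format shown above. Package versions and the
# third (zlib) finding are made-up sample values; they are not real scan results.
SAMPLE_REPORT = """\
Testing sample:0.0.1...

✗ Medium severity vulnerability found in openssl/libcrypto1.0
  Description: Use of a Broken or Risky Cryptographic Algorithm
  Info: https://snyk.io/vuln/SNYK-ALPINE34-OPENSSL-373420
  Introduced through: openssl/libcrypto1.0@1.0.2k-r0, openssl/libssl1.0@1.0.2k-r0
  From: openssl/libcrypto1.0@1.0.2k-r0
  Fixed in: 1.0.2q-r0

✗ High severity vulnerability found in musl/musl
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-ALPINE34-MUSL-291884
  Introduced through: musl/musl@1.1.14-r14, busybox/busybox@1.24.2-r13
  From: musl/musl@1.1.14-r14
  Fixed in: 1.1.14-r16

✗ Low severity vulnerability found in zlib/zlib
  Description: Constructed placeholder finding without an available fix
  Info: https://snyk.io/vuln/SNYK-PLACEHOLDER-0
  Introduced through: zlib/zlib@1.2.8-r2
  From: zlib/zlib@1.2.8-r2

Organization: example-org
Package manager: apk
Project name: docker-image|sample
Docker image: sample:0.0.1
Platform: linux/amd64

Tested 13 dependencies for known vulnerabilities, found 3 vulnerabilities.
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    severity: str                  # lower-cased: low / medium / high / critical
    package: str                   # e.g. openssl/libcrypto1.0
    description: str = ""
    info_url: str = ""
    introduced_through: List[str] = field(default_factory=list)
    fixed_in: Optional[str] = None  # None when the report has no "Fixed in:" line


# "✗ High severity vulnerability found in musl/musl"
HEADER_RE = re.compile(r"^(?:✗\s*)?(\w+) severity vulnerability found in (\S+)$")
# Indented detail lines that follow a header; "From:" and "and N more..." are skipped.
FIELD_RE = re.compile(r"^(Description|Info|Introduced through|Fixed in): (.*)$")
SUMMARY_RE = re.compile(r"found (\d+) vulnerabilit")


def parse_report(text: str) -> List[Finding]:
    """Turn the text report into a list of Finding records."""
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line closes the current finding block
            current = None
            continue
        header = HEADER_RE.match(line)
        if header:
            current = Finding(severity=header.group(1).lower(), package=header.group(2))
            findings.append(current)
            continue
        if current is None:
            continue                      # "Testing ...", "Organization: ...", summary
        detail = FIELD_RE.match(line)
        if not detail:
            continue
        key, value = detail.groups()
        if key == "Description":
            current.description = value
        elif key == "Info":
            current.info_url = value
        elif key == "Introduced through":
            current.introduced_through = [p.strip() for p in value.split(",")]
        elif key == "Fixed in":
            current.fixed_in = value
    return findings


def reported_total(text: str) -> Optional[int]:
    """Count from the trailing 'found N vulnerabilities' line, used as a sanity check."""
    m = SUMMARY_RE.search(text)
    return int(m.group(1)) if m else None


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


def fixable(findings: List[Finding]) -> List[Finding]:
    """Findings that disappear by upgrading the package to the 'Fixed in' version."""
    return [f for f in findings if f.fixed_in]


def should_fail(findings: List[Finding], threshold: str = "high") -> bool:
    """True if any finding is at or above the threshold severity (build gate)."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(f.severity, 0) >= limit for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("by severity:", count_by_severity(found))
    for f in fixable(found):
        print(f"  upgrade {f.package} to {f.fixed_in} ({f.description})")
    print("fail build at high:", should_fail(found, "high"))
```

In a pipeline you would feed the captured output of docker scan into parse_report and exit non-zero when should_fail returns true; comparing len(parse_report(text)) with reported_total(text) catches truncated output before a missing block is mistaken for a clean scan.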