Docker Community Forums

How to interpret a 'docker scan' result

Regarding the results of a docker scan below:

❯ docker scan postgrest/postgrest:nightly-2020-11-10-22-47-3830887

Testing postgrest/postgrest:nightly-2020-11-10-22-47-3830887...

Package manager:   linux
Project name:      docker-image|postgrest/postgrest
Docker image:      postgrest/postgrest:nightly-2020-11-10-22-47-3830887
Platform:          linux/amd64

✓ Tested postgrest/postgrest:nightly-2020-11-10-22-47-3830887 for known vulnerabilities, no vulnerable paths found.

Note that we do not currently have vulnerability data for your image.

I’m not sure how to interpret the final line (we do not currently have vulnerability data for your image).

Does this mean that, since there is no vulnerability data, the scan says nothing about potential vulnerabilities and therefore we can’t infer anything about the safety of the image?

Not sure if this makes a difference, but my understanding is that the nightly PostgREST images are built using Nix, so there is no Dockerfile.