Docker Community Forums

Share and learn in the Docker community.

"Official Image Vulnerability Scanning" is missing in action?

Hi, following the official documentation: https://docs.docker.com/docker-hub/official_images/#official-image-vulnerability-scanning, it states that we should be able to see the vulnerability scan section.
Has the feature been removed?

Official Image Vulnerability Scanning

Each of the images in the Official Images is scanned for vulnerabilities. The results of these security scans provide valuable information about which images contain security vulnerabilities, and allow you to choose images that align with your security standards.

To view the Docker Security Scanning results:

  1. Make sure you’re logged in to Docker Hub. You can view Official Images even while logged out, however the scan results are only available once you log in.
  2. Navigate to the repository of the Official Image whose security scan you want to view.
    > 3. Click the Tags tab to see a list of tags. and their security scan summaries.
3 Likes

I’m seeing this as well. Documentation error? Feature go EE only?

I’m seeing this as well, has there been any progress on this issue?

I have the same problem. So far I didn’t found a statement from docker to this and it is still in their documentation.
Would be nice if they can give us some information here.

I would be surprised if a docker official would respond at all. This forum is a complety unmoderated wild west.

I’ve noticed this too. However, without these scan results how can we be sure the images are safe to use?

Hi, my name is Marina Kvitnitsky, and I am a Product Manager at Docker. My apologies for not responding to this sooner. We are in the process of revamping the scanning policy for Official Images, and for now, we took the vulnerability section out, to avoid any inaccuracies. We will be communicating changes to scanning policy, and then working on updating documentation. Please bear with us as we go through this process

I stand corrected - we have already announced that we have extended our partnership with Snyk to include scanning for Official Images’. We are working together with Snyk, and will update documentation as soon as the process is ready to go live.

Thank you slot my friend :DDD