Security scanning of containers?

rradecki · February 21, 2017, 8:25am

Hi All.

I am currently searching for a decent image/container/registry scanner. I would like to be able to check images for CVE, at the moment I am using rhel/centos/ubuntu/debian based images.

I tried on CentOS7:

openscap (oscap-docker): needs atomic for installation, allows scanning of rhel based images only;
atomic: allows scanning of rhel based images only;
clair: usable in theory for rhel/centos/ubuntu/debian images but in practice I encountered problems with analyze-local-images and hyperclair “cli” tools and API does not allow automatization;
banyan collector/dockscan/drydock: seem to be stale or not enough mature to be considered;
nessus: seems to be an overkill for my usecase.

I am now looking into:

aqua (commercial);
twistlock (commercial);
blackduck docker scanner (commercial).

Can you share info about what you are using to scan docker images? Any proposals for my usecase?

Thanks!

BR,
Rafal.

mylespollie · June 1, 2017, 6:04pm

Hey did you ever find a good solution to this problem? I’m trying to solve the same thing.

Topic		Replies	Views
Docker Container security General dockersecurityscan	0	592	May 21, 2019
Disable security scan? Docker Hub dockersecurityscan	1	1181	January 26, 2018
Docker Hub Security Scanning Docker Hub security	0	560	March 6, 2019
"Official Image Vulnerability Scanning" is missing in action? Docker Hub dockerhub , dockersecurityscan	7	1193	October 22, 2020
Docker Image security Docker Hub security	0	610	December 20, 2019

Security scanning of containers?

Related topics