How to scan container images with Docker Scout
Jack Wallen demonstrates how to scan container images for vulnerabilities and dependencies with the new Docker Scout feature.
If you deploy containers built from insecure images, your apps and services inherit every vulnerability those images carry, and the chances of keeping them secure drop dramatically. To that end, you should do everything you can to make sure every image you pull and use is free of known vulnerabilities.
Docker will soon be rolling out a new feature, called Docker Scout, that makes it easy to scan your local images for vulnerabilities and to understand their application dependencies. You can access Docker Scout from the Docker Desktop app, but remember that it is currently in early access, so the interface and output may still change.
Let me show you how easy it is to scan an image for vulnerabilities with this new feature.
The first thing you’ll need to do is download an image. To do this, open Docker Desktop and type the name of the image you want to pull.
Say you’re looking to use the Rocky Linux image. Type Rocky Linux in the search bar and click the Images tab. Locate and select the entry for Rocky Linux (prefer the official or verified-publisher entry over a lookalike), and then click Pull. Once the image has been pulled, click Docker Scout in the left navigation and select the Rocky Linux image from the dropdown.
Click Analyze Image, and Scout will begin scanning the image; the scan time depends on the size of the image. Once it completes, click View Packages and CVEs and read through the list of vulnerabilities.
Scroll through the list and expand a package entry to reveal its known CVEs. You can expand a CVE to read the details about the issue, such as its severity and the package version that fixes it, when one exists.
Based on the information obtained through Docker Scout, you can then decide whether to continue using the image, mitigate the issues it contains (for example, by updating the affected packages in your own Dockerfile or moving to a newer tag), or scrap the pulled image in favor of one with fewer or no vulnerabilities. If an image has several high or critical vulnerabilities, my advice is to either mitigate or scrap it.
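The same workflow from the command line, as an added example that is not part of the original article or of Docker's own documentation: it assumes the `docker scout` CLI plugin is installed alongside Docker Desktop and that you are logged in to Docker Hub, and the `rockylinux:9` tag and the `SCOUT_IMAGE`/`SCOUT_THRESHOLD` variable names are assumptions chosen for illustration. `docker scout quickview` prints the summary the Analyze Image step shows, and `docker scout cves --only-severity ... --exit-code` lists the CVEs and returns exit status 2 when any match, which turns the "mitigate or scrap" decision above into a gate you can run in CI before an image is promoted.

```shell
#!/bin/sh
# Added example (not from the article or from Docker): scan a pulled image with
# the docker scout CLI and fail when CVEs at or above a severity threshold exist.
# Assumes the `docker scout` CLI plugin is installed and you are logged in to
# Docker Hub.
set -eu

# Expand a threshold into the comma-separated list that `--only-severity`
# expects, so "high" means critical and high, "medium" means critical, high
# and medium, and so on.
severities_at_or_above() {
    case "$1" in
        critical) echo "critical" ;;
        high)     echo "critical,high" ;;
        medium)   echo "critical,high,medium" ;;
        low)      echo "critical,high,medium,low" ;;
        *)        echo "unknown severity: $1" >&2; return 1 ;;
    esac
}

# Turn the exit status of `docker scout cves --exit-code` into a verdict.
# 0 means nothing matched the filter, 2 means matching CVEs were found, and
# anything else means the scan itself failed (no network, not logged in,
# unknown image), which must never be mistaken for a clean result.
scan_verdict() {
    case "$1" in
        0) echo "pass" ;;
        2) echo "fail" ;;
        *) echo "error" ;;
    esac
}

# Pull, summarise and gate one image. Usage: scan_image rockylinux:9 high
scan_image() {
    image="$1"
    sev="$(severities_at_or_above "$2")"

    docker pull "$image"

    # The same summary the Analyze Image step shows in Docker Desktop.
    docker scout quickview "$image"

    # The same list as View Packages and CVEs, filtered to the severities we
    # gate on. `--exit-code` makes the result usable as a CI check.
    rc=0
    docker scout cves --only-severity "$sev" --exit-code "$image" || rc=$?

    case "$(scan_verdict "$rc")" in
        pass)  echo "OK: no $sev CVEs in $image" ;;
        fail)  echo "BLOCK: $image has $sev CVEs; mitigate them or use another image" >&2; return 2 ;;
        error) echo "Scan failed with exit status $rc; treating as NOT clean" >&2; return "$rc" ;;
    esac
}

# Run only when an image is named, for example:
#   SCOUT_IMAGE=rockylinux:9 SCOUT_THRESHOLD=high sh scout-gate.sh
# (rockylinux:9 is an assumed tag; use the one you pulled.)
if [ -n "${SCOUT_IMAGE:-}" ]; then
    scan_image "$SCOUT_IMAGE" "${SCOUT_THRESHOLD:-high}"
fi
```

Treat any exit status other than 0 or 2 as a failed scan rather than a pass; a gate that silently passes when the scanner cannot run is worse than no gate at all.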
And that’s all there is to scanning container images for vulnerabilities with the new Docker Scout feature.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.