Docker Images contain not only application code, but a OS and additional utilities to make application run as expected. Images can also be vulnerable its better not have any CVE's in image. Running scans are one of the way to protect from CVE's. These container scanning tools scan for known vulnerabilities in the image.
In this article, We use Clair to scan a Docker image for vulnerabilities. Clair is an open source container scanning tool from Quay.io - a Red Hat acquisition. Clair is one container scanning tool among many. Most of them perform static analysis of the Docker image.
How to Setup?
You have to create a application which works as a scanner on your local, below are the steps which tell you how to setup the scanner.
Create a Project directory as
clair_local_poc, within that create a
docker-compose.yml file with the contents as shown below. File location
docker-utils/clair-config directory and place
config.yml file inside the directory. File Location:
Once you create the above files with the folder structure, you are good with the step and ready to use the scanner, which will scan for CVE Issues.
Scan Local Docker Image
Below are the steps to run the scan of local docker image
This way, you can scan the Docker images for any CVE issues.