OWASP / Docker-Security

Getting a handle on container security
https://owasp.org/www-project-docker-top-10/

Image Scanning in D02 #14

Open drwetter opened 4 years ago

drwetter commented 4 years ago

Hi *,

I could use some help wrt image scanning for known vulnerabilities, see D02 --> How can I find out? --> Automatic.

Preferably short and "crispy"

Cheers, Dirk

ssyms commented 4 years ago

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html Rule #9 lists the most popular image vulnerability scanners

drwetter commented 4 years ago

Thanks.

I was aiming not for a tool listing; this I can do myself (and there are better listings btw.). What would be useful is a "good" selection of the plethora out there, a short description of what exactly it scans/what to expect from it and how to use it (CI/CD chain, cmdline, ...).