53845714nF closed this issue 2 months ago
Hi @53845714nF, OCI images are supported. Currently SecretScanner only scans for secrets and keys in the filesystem. Environment vars are not scanned. Feel free to raise a feature request if that is needed; someone might pick it up.
Thank you for the quick response.
I think it is necessary to scan the layers as well and I am a bit shocked that this is not the normal behavior of the software. I could imagine that this could increase the security of many companies.
How should I open a feature request? Just create a new issue?
It does scan all the layers in your Docker images, and looks for secrets in all the files. It just does not scan the env. Yes, to open a feature request, simply raise an issue with details.
I have created a new issue.
Hello, I built a small Python app with this Dockerfile:
Code and image are on GitHub: https://github.com/53845714nF/MarketMinder/
I use ThreatMapper with the SecretScanner:
They have found 17 secrets, but not one of these is the POSTGRES_PASSWORD. Are ENVs not checked? I have created the images according to OCI, could this be a problem?
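
The gap discussed in this thread, as an added example that is not SecretScanner's or ThreatMapper's code: Dockerfile `ENV` values are stored in the image config JSON (`config.Env` and `history[].created_by`), not in a filesystem layer, so a file-only scan does not see them. The name pattern, the function name and the sample config below are constructed assumptions.

```python
import json
import re

# Assumed heuristic: variable names that usually carry credentials.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)

# Constructed sample of an OCI image config blob (values are placeholders).
SAMPLE_CONFIG = json.loads("""
{
  "architecture": "amd64",
  "os": "linux",
  "config": {
    "Env": [
      "PATH=/usr/local/bin:/usr/bin:/bin",
      "POSTGRES_USER=app",
      "POSTGRES_PASSWORD=example-only-value",
      "EMPTY_TOKEN="
    ]
  },
  "history": [
    {"created_by": "ENV POSTGRES_PASSWORD=example-only-value", "empty_layer": true},
    {"created_by": "RUN pip install -r requirements.txt"}
  ]
}
""")

def find_env_secrets(image_config):
    """Return (location, variable name) for secret-looking, non-empty ENV entries."""
    findings = []
    for entry in (image_config.get("config") or {}).get("Env") or []:
        name, _, value = entry.partition("=")
        if value and SECRET_NAME.search(name):
            findings.append(("config.Env", name))
    # ENV/ARG instructions are also recorded in the build history,
    # even though they produce no filesystem layer.
    for i, step in enumerate(image_config.get("history") or []):
        cmd = step.get("created_by", "")
        if not re.search(r"\b(ENV|ARG)\b", cmd):
            continue
        for m in re.finditer(r"\b([A-Za-z_][A-Za-z0-9_]*)=(\S+)", cmd):
            if SECRET_NAME.search(m.group(1)):
                findings.append((f"history[{i}]", m.group(1)))
    return findings

if __name__ == "__main__":
    for location, name in find_env_secrets(SAMPLE_CONFIG):
        print(f"{location}: {name} is set in the image config")
```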