The JFrog Docker Desktop Extension scans any of your local Docker images for security vulnerabilities. Any image, after it has been built or pulled locally, can be scanned immediately. The scanning process is based on JFrog Xray's vast vulnerabilities database, which is continuously updated with the latest vulnerabilities. In addition, a dedicated Security Research Team within JFrog, continuously improves the JFrog Xray's detection methods, ensuring that Xray continues to be a leading security solution in the market.
When an image is scanned with the JFrog Extension, Xray recursively scans every package included in the Docker Image. Drilling down to analyze even the smallest binary component that affects your software. For example, when analyzing a Docker image, if Xray finds that it contains a Java application it will also analyze all the .jar files used in this application.
The JFrog Extension not only allows the detection of vulnerable packages, but also displays the software versions that include the fixes, allowing you to upgrade the vulnerable packages and resolve the issue.
We made sure that the UI is really easy, intuitive and user-friendly. After selecting the image to scan, the vulnerabilities are displayed in a table, sorted by the issue severity. Furthermore, you can filter the displayed vulnerabilities using a simple search.
When clicking on a specific vulnerability, the view is expanded, to also include the issue description, online references about the issue, and a graph showing the location of the vulnerability within the image.
Using the JFrog Extension doesn't require a paid JFrog subscription. Follow these directions to proceed, based on your use case: