mergebase / log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc.) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Is it sufficient to scan Docker host or is necessary to scan every single container? #9

Open t-markmann opened 2 years ago

t-markmann commented 2 years ago

We have some Docker containers running. Would this application detect log4j inside the docker containers, if we run it just on the host (for example in /var/lib/docker)? Or do we have to exec the program in the bash on every single Docker container?

christinloehner commented 2 years ago

As far as I can see, you'd need to scan each container on its own from inside the container.

juliusmusseau commented 2 years ago

Cool question. I will investigate this and get back to you.