Detecting Vulnerabilities in Docker Images
Scanning Docker Images vs. Linting Dockerfiles
In addition to basic security linting of your Dockerfiles, it is also a good practice to scan your Docker images for vulnerabilities. This can help you identify and mitigate security risks before your production containers are deployed. You may ask, if images are created using Dockerfiles that have been linted and scanned, what's the need for image scanning? Is it necessary? Short answer: Yes, it is necessary.
After scanning your Dockerfiles, it is highly recommended to scan the built images as well. While Dockerfile linting helps enforce best practices, security policies, and efficient layering, it cannot detect vulnerabilities in the base image, installed dependencies, or runtime configurations.
DevSecOps in Practice
A Hands-On Guide to Operationalizing DevSecOps at ScaleEnroll now to unlock all content and receive all future updates for free.