Detecting Vulnerabilities with Image Security Scanning

Image scanning is your primary weapon against vulnerabilities and security holes in your images. Let's see how it works.

Image scanners

Image scanners work by inspecting images and searching for packages that have known vulnerabilities. Once you know about these, you can update the packages and dependencies to versions with fixes.

Limitations

As good as image scanning is, it’s important to understand its limitations.

  • Image scanning is focused on images and does not detect security problems with networks, nodes, or orchestrators.

  • Not all image scanners are equal; some perform deep binary-level scanning to detect packages, whereas others simply look at package names and do not closely inspect the content of images.
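The following is an added example, not code from the course or from any real scanner, that models the two behaviours described above: matching the packages recorded in an image's package manifest against a vulnerability feed, and the difference between a scanner that only looks at package names and versions and one that inspects file contents. All package names, versions, advisory ids (`ADV-0001`, `ADV-0002`) and "binary" contents are constructed placeholders.

```python
"""Toy model of image scanning: match an image's packages against a
vulnerability feed, then show why name-only matching can miss a vulnerable
library that was copied into the image outside the package manager.

Everything here (package names, versions, advisory ids, file bytes) is
constructed for illustration. The advisory ids are placeholders, not real CVEs.
"""
import hashlib
from dataclasses import dataclass, field


def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # constructed placeholder id
    package: str       # affected package name
    fixed_in: str      # first version that carries the fix


@dataclass
class Image:
    # Package manifest as the image's package-manager database would report it.
    packages: dict = field(default_factory=dict)   # name -> version
    # Files in the image layers: path -> raw bytes.
    files: dict = field(default_factory=dict)


# Constructed vulnerability feed: package, and the version that fixes it.
FEED = [
    Advisory("ADV-0001", "libfoo", "1.2.11"),
    Advisory("ADV-0002", "zlibish", "2.0.5"),
]

# Constructed stand-ins for the bytes of a vulnerable and a fixed libfoo build.
VULNERABLE_LIBFOO = b"\x7fELF libfoo 1.2.9 (constructed sample)"
FIXED_LIBFOO = b"\x7fELF libfoo 1.2.11 (constructed sample)"

# Deep scanners carry fingerprints of known-vulnerable builds, keyed by content hash.
FINGERPRINTS = {hashlib.sha256(VULNERABLE_LIBFOO).hexdigest(): "ADV-0001"}


def scan_by_manifest(image: Image) -> set:
    """Name/version matching: sees only what the package manager recorded."""
    findings = set()
    for adv in FEED:
        installed = image.packages.get(adv.package)
        if installed is not None and parse_version(installed) < parse_version(adv.fixed_in):
            findings.add(adv.advisory_id)
    return findings


def scan_by_fingerprint(image: Image) -> set:
    """Content matching: hashes every file, so vendored copies are found too."""
    findings = set()
    for data in image.files.values():
        digest = hashlib.sha256(data).hexdigest()
        if digest in FINGERPRINTS:
            findings.add(FINGERPRINTS[digest])
    return findings


def remediation(findings: set) -> dict:
    """Map each finding to the package version that closes it."""
    return {adv.advisory_id: f"{adv.package} >= {adv.fixed_in}"
            for adv in FEED if adv.advisory_id in findings}


def build_sample_image() -> Image:
    """libfoo was patched via the package manager, but the application build
    bundled its own stale copy under /app/vendor; zlibish is simply outdated."""
    return Image(
        packages={"libfoo": "1.2.11", "zlibish": "2.0.4"},
        files={"/usr/lib/libfoo.so": FIXED_LIBFOO,
               "/app/vendor/libfoo.so": VULNERABLE_LIBFOO},
    )


def build_fixed_image() -> Image:
    """Same image after updating zlibish and rebuilding the vendored library."""
    return Image(
        packages={"libfoo": "1.2.11", "zlibish": "2.0.5"},
        files={"/usr/lib/libfoo.so": FIXED_LIBFOO,
               "/app/vendor/libfoo.so": FIXED_LIBFOO},
    )


if __name__ == "__main__":
    img = build_sample_image()
    manifest_hits = scan_by_manifest(img)
    deep_hits = scan_by_fingerprint(img)
    print("manifest-only scanner :", sorted(manifest_hits))
    print("content scanner       :", sorted(deep_hits))
    print("remediation           :", remediation(manifest_hits | deep_hits))
    print("after fixes           :", sorted(scan_by_manifest(build_fixed_image())
                                          | scan_by_fingerprint(build_fixed_image())))
```

Running the sample shows the manifest-only scanner reporting only `ADV-0002`, because the package database says `libfoo` is already at the fixed version, while the content scanner reports `ADV-0001` from the stale copy under `/app/vendor`. Neither approach sees anything about the host, network or orchestrator, which is the first limitation listed above.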

At the time of writing, Docker Hub does not offer image scanning services. This may change in the future. Some on-premises private registry solutions offer built-in scanning, and there are third-party services that offer image scanning services.

Example

The figures below are included as an example of the kind of reports image scanners can provide.