Docker Scout and Vulnerability Scanning

Learn about image scanning, a crucial security practice that analyzes container images for vulnerabilities, ensuring the security of your containerized applications.

Every container runs multiple software packages that are susceptible to bugs and vulnerabilities that malicious actors can exploit.

Image scanners

Image scanning analyzes your images and produces a detailed list of all the software packages each image contains. We call this list a software bill of materials (SBOM). The image scanning system compares the SBOM against databases of known vulnerabilities and produces a report of the vulnerabilities present in your software. Most vulnerability scanners also rank the vulnerabilities by severity and provide advice on fixes, typically the package version in which each issue was fixed.
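As an added illustration of the matching step described above (not Docker Scout's own code or data), the following Python compares a constructed SBOM against a constructed vulnerability database, flags packages whose installed version is below the fixed version, and ranks the findings by severity. The advisory IDs, package versions and severities are placeholders invented for this example.

```python
import re

# Added example: a minimal SBOM-vs-vulnerability-database matcher.
# All data below is constructed for illustration; the IDs are not real CVEs.

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed SBOM: package name -> version installed in the image.
SBOM = {"openssl": "1.1.1k", "zlib": "1.2.11", "curl": "7.79.1"}

# Constructed vulnerability database: placeholder advisories.
VULN_DB = [
    {"id": "EXAMPLE-0001", "package": "openssl", "severity": "high",
     "fixed_in": "1.1.1q"},
    {"id": "EXAMPLE-0002", "package": "zlib", "severity": "critical",
     "fixed_in": "1.2.12"},
    {"id": "EXAMPLE-0003", "package": "curl", "severity": "medium",
     "fixed_in": "7.70.0"},
]


def version_key(version):
    """Turn '1.1.1k' into a tuple that compares correctly: each dotted
    segment becomes (number, letter_suffix), so 1.2.9 < 1.2.11 and
    1.1.1k < 1.1.1q."""
    key = []
    for part in version.split("."):
        m = re.match(r"(\d+)([A-Za-z]*)$", part)
        if not m:
            raise ValueError(f"unsupported version segment: {part!r}")
        key.append((int(m.group(1)), m.group(2)))
    return tuple(key)


def scan(sbom, vuln_db):
    """Return one finding per vulnerable SBOM package, most severe first,
    each carrying the installed version and the upgrade advice."""
    findings = []
    for vuln in vuln_db:
        installed = sbom.get(vuln["package"])
        if installed is None:
            continue  # package not in this image
        if version_key(installed) < version_key(vuln["fixed_in"]):
            findings.append({
                "id": vuln["id"], "package": vuln["package"],
                "installed": installed, "severity": vuln["severity"],
                "advice": f"upgrade {vuln['package']} to {vuln['fixed_in']}",
            })
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings
```

Running `scan(SBOM, VULN_DB)` reports zlib (critical) and openssl (high); curl is skipped because its installed version is already above the fixed version.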

Vulnerability scanning is now an integral part of most software supply chains.

Docker Scout

Docker Scout is Docker’s native scanning platform. It works with Docker Hub, Docker Desktop, and the Docker CLI and even has its own Docker Scout Dashboard. However, it’s a subscription-based service.

Other scanning platforms are available, but most of these also require some form of subscription.

If you’re using Docker Desktop, you can run the following command to see an example of Docker Scout.
