You might have heard of Docker Scout, which is an image analyzer that ships with Docker Desktop. This tool makes it easy for developers to view vulnerabilities found in Docker images. Because you do not want to deploy a container based on an image with numerous vulnerabilities, this tool should be treated as a must-use.
Even though Scout ships with Docker Desktop, it isn’t included in the Docker CLI – at least not the community edition of Docker. Fortunately, we can add it without too much trouble. Here’s how.
I’m going to assume you already have the Docker runtime engine installed. With that out of the way, create the necessary directory with the command mkdir -p ~/.docker/cli-plugins.
After you’ve created the directory, download the necessary file with the command wget https://github.com/docker/scout-cli/releases/download/v0.15.0/docker-scout_0.15.0_linux_amd64.tar.gz. Unpack the file with the command tar xvzf *.tar.gz. Move the docker-scout file into the proper directory with the command mv docker-scout ~/.docker/cli-plugins/. Give the file executable permissions with chmod +x ~/.docker/cli-plugins/docker-scout.
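The install steps above with a checksum check added before the binary is trusted, as an added example (not code from the original article or from the Docker project). The function name install_scout_plugin and its arguments are hypothetical, and the expected SHA-256 digest is a value you supply from a source you trust; the article does not list one.

```shell
# Added example: verify a downloaded docker-scout archive, then install it
# as a Docker CLI plugin. Assumes sha256sum, tar and install(1) are present.
#
# install_scout_plugin ARCHIVE EXPECTED_SHA256 [PLUGIN_DIR]
# Exit status: 0 installed, 1 digest mismatch, 2 archive lacks docker-scout.
# The body runs in a subshell, so variables stay local and `exit` only
# leaves the function, not the calling shell.
install_scout_plugin() (
    archive="$1"
    # Normalise the supplied digest to lowercase before comparing.
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    plugin_dir="${3:-$HOME/.docker/cli-plugins}"

    # Hash the file that is actually on disk.
    actual="$(sha256sum "$archive" | awk '{print $1}')"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        exit 1
    fi

    # Extract only the member we need into a private temp directory,
    # instead of unpacking every *.tar.gz into the current directory.
    workdir="$(mktemp -d)"
    if ! tar -xzf "$archive" -C "$workdir" docker-scout 2>/dev/null ||
        [ ! -f "$workdir/docker-scout" ] || [ -L "$workdir/docker-scout" ]; then
        echo "archive has no regular file named docker-scout" >&2
        rm -rf "$workdir"
        exit 2
    fi

    # install(1) copies and sets the mode in one step (replaces mv + chmod).
    mkdir -p "$plugin_dir"
    install -m 0755 "$workdir/docker-scout" "$plugin_dir/docker-scout"
    rm -rf "$workdir"
)
```

Call it after the wget step with the archive file name and the digest you obtained out of band; a non-zero status means nothing was placed in the plugin directory.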
You can now analyze an image with a command like docker scout quickview nginx:latest. The results will tell you how many vulnerabilities have been discovered in the image, and you can decide if you want to attempt to mitigate the problems or find a different image to use.
Remember: The security of your container deployments lives and dies on a foundation of secure images, so Docker Scout will be a crucial component in your workflow.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.