====== Docker - Security - Find, fix and monitor for open source vulnerabilities ======
Scan your Docker images for known vulnerabilities and integrate the scan into your continuous integration pipeline.

[[https://snyk.io/container-vulnerability-management/|Snyk]] is an open source tool that scans for security vulnerabilities in open source application libraries and Docker images.

Use Snyk to scan a Docker image:

<code bash>
snyk test --docker node:10 --file=path/to/Dockerfile
</code>

Use Snyk to monitor a Docker image and alert on newly disclosed vulnerabilities:

<code bash>
snyk monitor --docker node:10
</code>

----
Scan a Docker image for known vulnerabilities with these commands:

<code bash>
# fetch the image to be tested so it exists locally
docker pull node:10
# scan the image with snyk
snyk test --docker node:10 --file=path/to/Dockerfile
</code>

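
For the continuous integration step, the gate below is an added example, not part of the original page or Snyk's own code. It wraps the commands above and fails closed when the scan cannot complete. The function name ''snyk_gate'', the variables ''SNYK_THRESHOLD'', ''CI_BRANCH'' and ''RELEASE_BRANCH'', and the return codes 10 and 11 are assumptions of this example; ''--severity-threshold'' and the exit codes 0 to 3 are the Snyk CLI's documented behaviour.

```bash
#!/usr/bin/env bash
# Added example: CI gate around the page's snyk commands.
# snyk_gate, the env var names and return codes 10/11 are this example's own.

# snyk_gate IMAGE DOCKERFILE
#   0  = scan ran, nothing at or above the threshold
#   10 = scan ran, vulnerabilities found (build should fail)
#   11 = scan did not complete (pull, auth or network error): fail closed
snyk_gate() {
    local image="$1"
    local dockerfile="$2"
    local threshold="${SNYK_THRESHOLD:-high}"   # low|medium|high|critical
    local rc=0

    # The image must exist locally before it can be scanned.
    if ! docker pull "$image" >/dev/null; then
        echo "gate: cannot pull $image" >&2
        return 11
    fi

    snyk test --docker "$image" --file="$dockerfile" \
        --severity-threshold="$threshold" || rc=$?

    case "$rc" in
        0) ;;
        1) echo "gate: vulnerabilities >= $threshold in $image" >&2
           return 10 ;;
        *) # 2 = CLI failure, 3 = nothing to scan; never treat these as a pass
           echo "gate: scan did not complete (snyk exit $rc)" >&2
           return 11 ;;
    esac

    # Snapshot only images that passed and come from the release branch, so
    # alerts for newly disclosed issues refer to what is actually shipped.
    if [ "${CI_BRANCH:-}" = "${RELEASE_BRANCH:-main}" ]; then
        snyk monitor --docker "$image" || echo "gate: monitor failed" >&2
    fi
    return 0
}

# Runs only when called with arguments:
#   ./snyk-gate.sh node:10 path/to/Dockerfile
if [ "$#" -ge 2 ]; then
    snyk_gate "$1" "$2"
fi
```

Keeping "vulnerabilities found" (10) separate from "scan did not run" (11) lets the pipeline retry infrastructure failures without ever reporting an unscanned image as clean.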
----
===== References =====
https://snyk.io/container-vulnerability-management/