Docker - Security - Find, fix and monitor for open source vulnerabilities

Scan your docker images for known vulnerabilities and integrate it as part of your continuous integration.

Snyk is an open source tool that scans for security vulnerabilities in open source application libraries and docker images.

Use Snyk to scan a docker image:

snyk test --docker node:10 --file=path/to/Dockerfile

Use Snyk to monitor and alert to newly disclosed vulnerabilities in a docker image:

snyk monitor --docker node:10

Scan a Docker image for known vulnerabilities with these commands:

# fetch the image to be tested so it exists locally
docker pull node:10
# scan the image with snyk
snyk test --docker node:10 --file=path/to/Dockerfile

References

https://snyk.io/container-vulnerability-management/