
How to Detect Vulnerabilities in Docker Images

Al-Waleed Shihadeh · Published in Better Programming · Jan 4, 2020 · 4 min read


Photo by camilo jimenez on Unsplash

Clair is an open source project for the static analysis of vulnerabilities in application containers.

One of the main differences between a traditional deployment and a Docker deployment is the way software dependencies are handled. In traditional deployments, a dedicated team installs and manages the software dependencies: they install the required versions, upgrade them when security issues arise, and apply regular patches to the operating system packages. Installing and managing all the dependencies on the hosts, and resolving dependency conflicts between different pieces of software on the same server, is challenging and time-consuming.

Docker deployments solve these challenges by encapsulating all the dependencies a given piece of software needs within its own Docker image. These dependencies are installed at Docker build time and apply only to containers running from the generated image (they do not affect the host). However, since Docker images consist of multiple layers, starting from the OS (ubuntu, alpine, centos, etc.) up to the application layer itself, there is a risk that the Docker images will include vulnerabilities that could expose some security risks and…
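To make the layer structure concrete, here is an added illustration (not code from the article or from the Clair project) that walks a Dockerfile, lists the filesystem layers it will produce from the OS base up to the application files, and marks the layers whose contents come from package repositories, which is where a scanner such as Clair looks for known vulnerabilities. The Dockerfile text is a constructed sample.

```python
"""Enumerate the layers a Dockerfile produces and classify them by origin.
Added illustration for this article; the Dockerfile below is constructed."""

# Constructed sample Dockerfile: OS base, OS packages, then app dependencies and files.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl openssl
ENV APP_HOME=/srv/app
WORKDIR /srv/app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]
"""

# Instructions that add a filesystem layer; the others only change image metadata.
LAYER_INSTRUCTIONS = {"FROM", "RUN", "COPY", "ADD"}
OS_PKG_TOOLS = ("apt-get", "apt ", "apk ", "yum ", "dnf ")


def parse_layers(dockerfile_text):
    """Return one dict per filesystem layer, in build order."""
    layers = []
    for raw in dockerfile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr not in LAYER_INSTRUCTIONS:
            continue
        notes = []
        if instr == "FROM":
            kind = "os-base"
            image = args.split()[0]          # ignore "AS <stage>" aliases
            if "@sha256:" not in image:      # digest pins are always reproducible
                tag = image.partition(":")[2]
                if not tag or tag == "latest":
                    notes.append("base image tag unpinned; contents change over time")
        elif instr == "RUN":
            kind = "os-packages" if any(t in args for t in OS_PKG_TOOLS) else "app-dependencies"
        else:
            kind = "app-files"
        layers.append({"instruction": instr, "kind": kind, "detail": args, "notes": notes})
    return layers


def scan_candidates(layers):
    """Layers populated from package repositories: what a scanner matches against CVE data."""
    return [l for l in layers if l["kind"] in ("os-base", "os-packages", "app-dependencies")]
```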
