Aptible can scan the packages in your Docker images for known vulnerabilities Clair on demand.

What is scanned?

Docker image security scans look for vulnerable OS packages installed in your Docker images on supported Linux distributions:

  • Debian / Ubuntu: packages installed using dpkg or its apt-get frontend.
  • CentOS / Red Hat / Amazon Linux: packages installed using rpm or its frontends yum and dnf.
  • Alpine Linux: packages installed using apk.

Docker image security scans do not scan for:

  • packages installed from source (e.g., using make && make install).
  • packages installed by language-level package managers, such as bundler, npm, pip, yarn, composer, go install, etc. (third-party vulnerability analysis providers support those, and you can incorporate them using a CI process, for example).