Core Concepts
Reference
Troubleshooting
Feedback
Security Scans
Aptible can scan your Docker images for vulnerable system packages of any addressable vulnerabilities images using Clair on demand.
What is scanned?
Docker image security scans look for vulnerable OS packages installed in your Docker images on supported Linux distributions:
- Debian / Ubuntu: security scans scan for packages installed using
dpkg
or itsapt-get
frontend. - CentOS / Red Hat: security scans scan for packages installed using
rpm
or its frontendsyum
anddnf
. - Alpine Linux: security scans scan for packages installed using
apk
.
Docker image security scans do not scan for:
- packages installed from source (e.g., using
make && make install
). - packages installed by language-level package managers, such as
bundler
,npm
,pip
,yarn
,composer
etc. (third-party vulnerability analysis providers support those, and you can incorporate them using a CI process, for example).
Accessing security scans
Access Docker image security scans in the Aptible Dashboard by navigating to the respective app and selecting "Security Scan."