Docker Image Security Scans
Aptible uses Clair to proactively scan the system packages in your Docker images for addressable vulnerabilities.
What is scanned?
Docker image security scans look for vulnerable OS packages installed in your Docker images on supported Linux distributions:
- Debian / Ubuntu: security scans scan for packages installed using dpkg or its apt-get frontend.
- CentOS / Red Hat: security scans scan for packages installed using rpm or its frontends yum and dnf.
- Alpine Linux: security scans scan for packages installed using apk.
Docker image security scans do not scan for:
- packages installed from source (e.g., using make && make install).
- packages installed by language-level package managers, such as bundler, npm, pip, yarn, composer, etc. (third-party vulnerability analysis providers support those, and you can incorporate them using a CI process, for example).
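To see which parts of an image fall outside the OS package scan, the following added example (not Aptible's or Clair's code) walks an unpacked image filesystem and separates the package databases the scan covers from language-level manifests that need a separate scanner. The database paths and manifest file names are the usual defaults and are assumptions here, as are the function names.

```python
import os
import tempfile

# Package databases written by the OS package managers the scan covers
# (usual default paths relative to the image root; an assumption of this example).
OS_PACKAGE_DBS = {
    "var/lib/dpkg/status": "dpkg (Debian / Ubuntu)",
    "var/lib/rpm": "rpm (CentOS / Red Hat)",
    "lib/apk/db/installed": "apk (Alpine Linux)",
}
# Lockfiles and manifests of language-level package managers, which the scan skips.
LANGUAGE_MANIFESTS = {
    "Gemfile.lock": "bundler",
    "package-lock.json": "npm",
    "yarn.lock": "yarn",
    "requirements.txt": "pip",
    "composer.lock": "composer",
}

def coverage_report(rootfs):
    """Split an unpacked image filesystem into scanned and unscanned package sources."""
    covered = sorted(label for rel, label in OS_PACKAGE_DBS.items()
                     if os.path.exists(os.path.join(rootfs, rel)))
    unscanned = []
    for dirpath, dirnames, filenames in os.walk(rootfs):
        # Vendored dependency trees repeat manifests; report the top-level one only.
        dirnames[:] = [d for d in dirnames if d not in ("node_modules", "vendor")]
        for name in filenames:
            if name in LANGUAGE_MANIFESTS:
                rel = os.path.relpath(os.path.join(dirpath, name), rootfs)
                unscanned.append((LANGUAGE_MANIFESTS[name], rel))
    return {"covered": covered, "unscanned": sorted(unscanned)}

def build_sample_rootfs(root):
    """Constructed sample: an Alpine-style image carrying a Node.js and a Python app."""
    for rel in ("lib/apk/db/installed", "app/package-lock.json",
                "app/node_modules/dep/package-lock.json", "srv/requirements.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = coverage_report(build_sample_rootfs(tmp))
        print("Covered by the OS package scan:", report["covered"])
        for manager, path in report["unscanned"]:
            print(f"Needs a separate scanner ({manager}): {path}")
```

Point coverage_report at a directory holding an unpacked image filesystem, for example a docker export archive extracted with tar, and run it in CI to decide which third-party scanners the image needs.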
Accessing security scans
Access Docker image security scans in the Aptible Dashboard by navigating to the respective app and selecting "Security Scan."