Security Scans

Enclave can perform Security Scans of your Docker images using Clair.

What is Scanned?

Security Scans look for vulnerable OS packages installed in your Docker images on supported Linux distributions:

  • Debian / Ubuntu: Security Scans scan for packages installed using dpkg or its apt-get frontend.
  • CentOS / Red Hat: Security Scans scan for packages installed using rpm or its frontends yum and dnf.
  • Alpine Linux: Security Scans scan for packages installed using apk.

In particular Security Scans do not scan for:

  • Packages installed from source (e.g. using make && make install).
  • Packages installed language-level package managers such as bundler, npm, pip, yarn, composer etc. (third-party vulnerability analysis providers support those, and you can incorporate them in e.g. a CI process).

Accessing Scans

Scans are available via the Aptible Dashboard: navigate to the Security Scans tab on an App and review the list of vulnerabilities.