Upgrade to Pro — share decks privately, control downloads, hide ads and more …

(DockerCon 23) What's in my container? Docker s...

(DockerCon 23) What's in my container? Docker scout CLI and CI to the rescue

Yves Brissaud

October 04, 2023
Tweet

More Decks by Yves Brissaud

Other Decks in Programming

Transcript

  1. What’s in My Container? Yves Brissaud Docker Scout CLI and

    CI to the Rescue Senior Software Engineer | Docker 𝕏 @_crev_
  2. • Build • Test • Review • Merge • Deploy

    • … 01 Code Update Pull Request
  3. 01 Code Update A vulnerability has been found before to

    be deployed in production! https://www.pexels.com/photo/red-led-traffic-cone-2743739/
  4. 01 Code Update How to do it better? Shift left

    Find issues earlier In developer friendly manner Without wasting time
  5. • As a GitHub Action • Comment Pull Request 02

    Continuous Integration Docker Scout
  6. 02 Continuous Integration How to know it, before the CI?

    Shift left Reduce time to discover issue
  7. 03 Cli Can I see the impact of my changes?

    Reduce noise Straight to the decisions
  8. docker scout quickview IMAGE docker scout cves IMAGE docker scout

    cves --details IMAGE docker scout compare IMAGE --to IMAGE docker scout environment ENV IMAGE docker scout compare IMAGE --to-env ENV docker scout policy IMAGE local:// registry:// image:// fs:// Docker Scout CLI 07 Summary Quick overview of an image List of all vulnerabilities of an image with details Compare two images Record image to environment Compare image to environment Details about policies Local only images Registry only images Local then registry if not found Local file system
  9. uses: docker/scout-action@main with: command: quickview command: cves command: compare Docker

    Scout GitHub Action 07 Summary Quick overview of an image List of all vulnerabilities of an image Compare two images