(DockerCon 23) What's in my container? Docker scout CLI and CI to the rescue

Transcript

1. What’s in My Container? Yves Brissaud Docker Scout CLI and

   CI to the Rescue Senior Software Engineer | Docker 𝕏 @_crev_

2. Yves Brissaud Senior Software Engineer | Docker 𝕏 @_crev_

3. 00 Intro

4. Materials 00 Intro Slides: https://speakerdeck.com/eunomie/scout Git Repository: https://github.com/eunomie/dc23hello

5. 01 Code Update https://www.pexels.com/photo/close-up-photo-of-gray-typewriter-952594/

6. 01 Code Update Hello 👋

7. • Render as HTML • Read input as markdown 01

   Code Update Propose Changes

8. • Build • Test • Review • Merge • Deploy

   • … 01 Code Update Pull Request

9. 01 Code Update A vulnerability has been found before to

   be deployed in production! https://www.pexels.com/photo/red-led-traffic-cone-2743739/

10. 01 Code Update Back to code, branch, review, … https://www.pexels.com/photo/black-and-white-roller-coaster-106155/

11. 01 Code Update How to do it better? Shift left

    Find issues earlier In developer friendly manner Without wasting time

12. 02 Continuous Integration https://www.pexels.com/photo/business-commerce-computer-delivery-263194/

13. • As a GitHub Action 02 Continuous Integration Docker Scout

14. • As a GitHub Action • Comment Pull Request 02

    Continuous Integration Docker Scout

15. 02 Continuous Integration How to know it, before the CI?

    Shift left Reduce time to discover issue

16. 03 CLI https://www.pexels.com/photo/person-in-brown-long-sleeve-shirt-typing-on-a-keyboard-9553909/

17. • quickview 03 CLI Docker Scout CLI

18. • quickview • cves 03 CLI Docker Scout CLI

19. • quickview • cves • With details 03 CLI Docker

    Scout CLI

20. • quickview • cves • With details • By packages

    03 CLI Docker Scout CLI

21. 03 CLI Why not be even faster?

22. • file system 03 CLI Docker Scout CLI

23. 03 Cli Can I see the impact of my changes?

    Reduce noise Straight to the decisions

24. 04 Compare https://www.pexels.com/photo/light-city-landscape-red-13097303/

25. • cli 04 Compare Compare Images

26. • cli • GitHub Action 04 Compare Compare Images

27. • Base image changes 04 Compare Compare more

28. 04 Compare How can I compare to my staging/production/… image?

29. 05 Environments https://www.pexels.com/photo/gray-steel-file-cabinet-1370294/

30. • GitHub Action 05 Environments Record Image to an Environment

31. • GitHub Action • cli 05 Environments Record Image to

    an Environment

32. 05 Environments Compare to an Environment

33. 05 Environments Could it be smarter? Reduce noise Straight to

    the decisions Decide for me

34. 06 Policies https://www.pexels.com/photo/wooden-stamp-on-ink-pad-placed-on-desk-3839649/

35. • quickview 06 Policies Docker Scout CLI

36. • quickview • policy 06 Policies Docker Scout CLI

37. • quickview • policy • compare 06 Policies Docker Scout

    CLI

38. • quickview • policy • compare 06 Policies Docker Scout

    CLI Is my image better or worse?

39. 06 Policies Docker Scout GitHub Action

40. 07 Summary https://www.pexels.com/photo/wooden-stamp-on-ink-pad-placed-on-desk-3839649/

41. docker scout quickview IMAGE docker scout cves IMAGE docker scout

    cves --details IMAGE docker scout compare IMAGE --to IMAGE docker scout environment ENV IMAGE docker scout compare IMAGE --to-env ENV docker scout policy IMAGE local:// registry:// image:// fs:// Docker Scout CLI 07 Summary Quick overview of an image List of all vulnerabilities of an image with details Compare two images Record image to environment Compare image to environment Details about policies Local only images Registry only images Local then registry if not found Local file system

42. uses: docker/scout-action@main with: command: quickview command: cves command: compare Docker

    Scout GitHub Action 07 Summary Quick overview of an image List of all vulnerabilities of an image Compare two images

43. 07 Summary Resources https://docs.docker.com/scout/ https://docs.docker.com/engine/reference/commandline/scout/ https://github.com/docker/scout-cli https://github.com/docker/scout-action

44. THANK YOU

45. None