« Previous 1 2 3 4 Next »
Docker image security analysis
Pedigree
On Your Marks …
Before getting started, you'll need a working Python v3.5+ installation. I found some handy instructions online [7], which I've summarized as best as I can. As superuser (root), you have to run a few commands and set up Python; for example, for Debian derivatives, use:
$ add-apt-repository ppa:jonathonf/python-3.6 $ apt-get update $ apt-get install python3.6
In Figure 3 you can see that Python v3.6 adds about 23MB of files to your machine. Depending on how much time you've spent with Python, you might not have seen deprecation warnings before. For some future-proofing, I'll show you how to set a default Python version, because you need to tell Docker Scan to use Python v3, not version 2.
Figure 3: Installing Python v3.6 for compatibility with Docker Scan.
For example, the command
$ python --version Python 2.7.12
reports that Python v2 is installed. After installing the relevant packages, entering python3 instead of python will output the following:
$ python3 --version Python 3.5.2
On Debian derivatives (I'm using Mint/Ubuntu on my laptop), you can use the following commands to provide easier version switching options:
$ update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.5 1 $ update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 2 $ update-alternatives --config python3
With these commands, you can build a simple menu of sorts to populate your options (Figure 4). When you select 0
in Figure 4, for example, you force the use of version 3.6 and not version 3.5. Compare it to the output of the python3 command above.
Figure 4: Selecting 0 sets Python v3.6 as the default.
Hello Pip, Old Bean
Getting your system ready for Docker Scan requires a few commands:
$ apt install python3-pip $ python3 -m pip install setuptools $ python3 -m pip install -U pip # This should say it's already installed
In the first line, the Apt package manager installs the Python pip
package manager. Because pip might be available for Python v2, the python3-pip name eliminates confusion. The setuptools
package in the second command ensures that pip will behave properly, and the third command verifies that pip is happy. The final command that drops the star of the show into place is:
$ python3 -m pip install dockerscan Successfully installed booby-ng-0.8.4 click-6.7 colorlog-2.10.0 dockerscan-1.0.0a3 ecdsa-0.13 jws-0.1.3 python-dxf-4.0.1 requests-2.13.0 tqdm-4.31.1 www-authenticate-0.9.2
The lengthy output denotes success.
Help Me
You can now check that Docker Scan is installed by running the command with the -h (help) option (Figure 5):
$ dockerscan -h
Figure 5: The upper level of the help menu from Docker Scan.
For clarity I had previously installed the basic, built-in Docker package (docker.io) with the command:
$ apt install docker.io
You can find information about Docker Community Edition (CE) [8], which will likely install a newer version of Docker Engine.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Test your containers with the Docker Desktop one-node cluster
The built-in single-node Kubernetes cluster included with Docker Desktop is a handy tool for testing your container. -
Minifying container images with DockerSlim
DockerSlim minifies your Docker container images up to 30x and adds security, too. -
Build and host Docker images
When facing the challenge of packaging your application in a container, take into account your needs in terms of handling and security and investigate sensible options for hosting your own registry. -
Dockerizing Legacy Applications
Sooner or later, you'll want to convert your legacy application to a containerized environment. Docker offers the tools for a smooth and efficient transition. -
Update your Docker containers safely
A scripted approach lets you know when to update your Docker containers.