Docker image security analysis
Pedigree
On Your Marks …
Before getting started, you'll need a working Python v3.5+ installation. I found some handy instructions online [7], which I've summarized as best as I can. As superuser (root), you have to run a few commands and set up Python; for example, for Debian derivatives, use:
$ add-apt-repository ppa:jonathonf/python-3.6
$ apt-get update
$ apt-get install python3.6
In Figure 3 you can see that Python v3.6 adds about 23MB of files to your machine. Depending on how much time you've spent with Python, you might not have seen deprecation warnings before. For some future-proofing, I'll show you how to set a default Python version, because you need to tell Docker Scan to use Python v3, not version 2.
For example, the command
$ python --version
Python 2.7.12
reports that Python v2 is installed. After installing the relevant packages, entering python3 instead of python will output the following:
$ python3 --version
Python 3.5.2
On Debian derivatives (I'm using Mint/Ubuntu on my laptop), you can use the following commands to provide easier version switching options:
$ update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.5 1
$ update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 2
$ update-alternatives --config python3
With these commands, you can build a simple menu of sorts to populate your options (Figure 4). When you select 0 in Figure 4, for example, you force the use of version 3.6 and not version 3.5. Compare it to the output of the python3 command above.
Hello Pip, Old Bean
Getting your system ready for Docker Scan requires a few commands:
$ apt install python3-pip
$ python3 -m pip install setuptools
$ python3 -m pip install -U pip # This should say it's already installed
In the first line, the Apt package manager installs the Python pip package manager. Because pip might be available for Python v2, the python3-pip name eliminates confusion. The setuptools package in the second command ensures that pip will behave properly, and the third command verifies that pip is happy. The final command that drops the star of the show into place is:
$ python3 -m pip install dockerscan
Successfully installed booby-ng-0.8.4 click-6.7 colorlog-2.10.0 dockerscan-1.0.0a3 ecdsa-0.13 jws-0.1.3 python-dxf-4.0.1 requests-2.13.0 tqdm-4.31.1 www-authenticate-0.9.2
The lengthy output denotes success.
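The success line above names the exact versions pip resolved, including the dependencies it pulled in. The following shell function is an added example, not part of the original article or the Docker Scan project; it turns that line into name==version pins so the same set can be reinstalled on another machine. The helper name pins_from_pip_line and the file name dockerscan-pins.txt are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the article): derive exact version pins from the
# "Successfully installed ..." line that pip prints after an install.

# Constructed sample input: the success line shown in the install step.
PIP_LINE='Successfully installed booby-ng-0.8.4 click-6.7 colorlog-2.10.0 dockerscan-1.0.0a3 ecdsa-0.13 jws-0.1.3 python-dxf-4.0.1 requests-2.13.0 tqdm-4.31.1 www-authenticate-0.9.2'

# pins_from_pip_line (hypothetical helper name): print one "name==version"
# pin per token. Returns 1 on anything that is not a well-formed success line.
pins_from_pip_line() {
    local line token name version
    line=$1
    case "$line" in
        'Successfully installed '?*) line=${line#Successfully installed } ;;
        *) echo "not a pip success line" >&2; return 1 ;;
    esac
    set -f                        # disable globbing while word-splitting
    for token in $line; do
        name=${token%-*}          # project names may contain hyphens, so
        version=${token##*-}      # split at the LAST hyphen only
        case "$version" in
            [0-9]*) ;;            # pip prints normalized versions (digit first)
            *) version= ;;
        esac
        if [ "$name" = "$token" ] || [ -z "$name" ] || [ -z "$version" ]; then
            set +f
            echo "cannot parse token: $token" >&2
            return 1
        fi
        printf '%s==%s\n' "$name" "$version"
    done
    set +f
}

# Print the pins for the sample line.
pins_from_pip_line "$PIP_LINE"
```

Redirect the output to a file such as dockerscan-pins.txt and reinstall the identical set with python3 -m pip install -r dockerscan-pins.txt.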
Help Me
You can now check that Docker Scan is installed by running the command with the -h (help) option (Figure 5):
$ dockerscan -h
For clarity, I had previously installed the basic, built-in Docker package (docker.io) with the command:
$ apt install docker.io
You can find information about Docker Community Edition (CE) [8], which will likely install a newer version of Docker Engine.