Snyk for Docker
We scan Docker images by extracting the image layers and inspecting the package manager manifest info. We then compare every OS package installed in the image against our Docker vulnerability database.
To test an image, make sure it is built (i.e.
docker build -t myapp:mytag .) or pulled locally (i.e.
docker pull myapp:mytag).
snyk test --docker myapp:mytagto test the image for vulnerabilities and receive remediation advice per vulnerability.
snyk test --docker myapp:mytag --file=path/to/Dockerfileto test the image for vulnerabilities and receive remediation advice per vulnerability and as alternative base images for your Dockerfile.
snyk monitor --docker ubuntu:latestto create a snapshot of the image’s dependencies for continuous monitoring.