Check out a free preview of the full Complete Intro to Containers, v2 course

The "Docker Scout" Lesson is part of the full, Complete Intro to Containers, v2 course featured in this preview video. Here's what you'd learn in this lesson:

Brian shares a new feature, Docker Scout, which scans containers for vulnerabilities. By analyzing images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses.

Preview
Close

Transcript from the "Docker Scout" Lesson

[00:00:00]
>> Brian Holt: So one thing I wanted to show you before we get even further into this and before we get into even docker features is this was a feature I was playing with yesterday that I kind of wanted to just explore with you a little bit. If I go into my command line here, there's a feature of Docker that I haven't really used a whole lot.

[00:00:16]
So feel free to explore a little bit more than me. It's called scout, That allows you to inspect your containers for vulnerabilities, for anything that Dockers identifies, hey, this part of your container is problematic. There's a feature called quick view, and you can just put a container name in there.

[00:00:33]
So let's just look at the Alpine container that we've been looking at, cuz I noticed it had some security vulnerabilities. So it's just It's gonna do a really quick scan of it, and it's gonna say, hey, we actually found four, I think this is medium vulnerabilities in your container there.

[00:00:52]
So then you can copy and paste this, CVEs, if you're not familiar with the term CVE, I don't even remember what it stands for, but it's a published vulnerability. It's a process for publishing big vulnerabilities. So like when Microsoft had, like the heart bleed that was published as a CVE for example, right?

[00:01:11]
It's for stuff like that.
>> Brian Holt: So if we do that, CVEs for alpine 3.9 point one, we'll get a bit more in depth information. You can see we have four vulnerabilities here. It looks like there's 6 total, that's interesting 2 are unspecified. Looks like there's 2 here. And you can like click into these and see what they are.

[00:01:34]
Also 2 of them are coming from open SSL. And then these medium CVE are all coming from busy box. We talked a little bit about that before. That busy box is just what underpins Alpine. So I thought that was kinda cool. It's a feature that wasn't there previously.

[00:01:53]
I looked in the GUI, it's also in there as well. So if we go into here, where was one of our Alpine ones? This one, okay? So this is one that we built, Alpine 3, for a more complicated app. You can see all of these are still showing up here.

[00:02:06]
It'll show you the layers that are problematic, which is cool. You can actually even go up into this and you can see what's going on there. It'll show you all the packages that are installed here, which is kind of interesting. And all the official images that we're building off of here.

[00:02:26]
>> Brian Holt: Recommended fixes. That's cool, I recommend fixes for base image. So they're just telling us to, I'll just pull a new one. Okay, cool, interesting. Or change the base image. Yeah, they're saying, yeah, probably change this to 320, right? And you can see this was actually published within the past 20 hours, right?

[00:02:48]
So, since we started the course, it's kind of interesting, cool. So that is Docker Scout, pretty cool stuff. There's more to it, I think it's just their tool for
>> Brian Holt: Keeping things secure. There's other things in here that I haven't really played around with, but I invite you to go check it out and play with it.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now