Docker Image Discovery

Purpose

This document describes how to set up a Docker Image Discovery scan.

Introduction

A Docker image is a file used to execute code in a Docker container. Docker images act as a set of instructions to build a Docker container, like a template. Docker images also act as the starting point when using Docker. An image is comparable to a snapshot in virtual machine (VM) environments.

Docker Image Discovery enumerates docker images within a registry using provided credentials and the Docker Registry HTTP API V2.

Requirements

To access a private registry, a Docker account with its credentials is required.

When scanning a Docker image using OUTSCAN RC, a HIAB deployed as a container inspection scanner is required. For more information, see Use Appsec Scale with OUTSCAN RC

Run a Docker Image Discovery Scan

Prerequisite

Prior to running a Docker discovery, make sure you have created the Docker credentials.

Running the Scan

A Docker Registry discovery function retrieves image information from a private Docker Registry such as name, OS, architecture and size.

The discovery will only find Docker images with the latest tag to limit the number of Docker images and improve visibility.

To perform a Docker discovery:

Go to Toolbar.
Expand Configurations.
Select Scan Configurations..
Select Docker image discovery.
Fill in the required information.
Select a scanner.
Click on ADD to save the newly created configuration.
Select the Scan configuration and click on the scan now icon in the blue toolbar at the bottom right to run a Docker image discovery scan.
View the scan status under Toolbar/ Scans.
View the discovered assets, Docker images under Assets. They are shown in the list of assets with the filter 'source' set to Cloudsec, and the type set to Docker Image.