Docker Image Discovery
Purpose
This document describes how to set up a Docker Image Discovery scan.
Introduction
A Docker image is a file used to execute code in a Docker container. Docker images act as a set of instructions to build a Docker container, like a template. Docker images also act as the starting point when using Docker. An image is comparable to a snapshot in virtual machine (VM) environments.
Docker Image Discovery enumerates docker images within a registry using provided credentials and the Docker Registry HTTP API V2.
Requirements
To access a private registry, a Docker account with its credentials is required.
When scanning a Docker image using OUTSCAN RC, a HIAB deployed as a container inspection scanner is required. For more information, see Use Appsec Scale with OUTSCAN RC
Run a Docker Image Discovery Scan
Prerequisite
Prior to running a Docker discovery, make sure you have created the Docker credentials.
Running the Scan
A Docker Registry discovery function retrieves image information from a private Docker Registry such as name, OS, architecture and size.
The discovery will only find Docker images with the latest tag to limit the number of Docker images and improve visibility.
To perform a Docker discovery:
Go to Toolbar.
Expand Configurations.
Select Scan Configurations..
Select Docker image discovery.
Fill in the required information.
Select a scanner.
Click on ADD to save the newly created configuration.
Select the Scan configuration and click on the scan now icon in the blue toolbar at the bottom right to run a Docker image discovery scan.
View the scan status under Toolbar/ Scans.
View the discovered assets, Docker images under Assets. They are shown in the list of assets with the filter 'source' set to Cloudsec, and the type set to Docker Image.
Related Articles
- Docker Image Assessment
- Docker Image Discovery
- Cloud Discovery
- Cloud Assessment
- AWS Scanning With OUTSCAN
- Cloud Discovery on HIAB
- Azure Cloud Discovery
- How to Scan AWS ECR Images
- Generate GCP Credentials
- Scan a Docker Image
- Generate AWS Credentials
- Google Registries Scanning with Container Inspection
- Cloudsec Scan Configuration
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.