[CentOS-virt] Docker container scanner on CentOS?

Rafał Radecki radecki.rafal at gmail.com
Tue Feb 21 08:31:29 UTC 2017


Hi All.

I am currently searching for a decent image/container/registry scanner. I
would like to be able to check images for CVE, at the moment I am using
rhel/centos/ubuntu/debian based images.

I tried on CentOS7:
- openscap (oscap-docker): needs atomic for installation, allows scanning
of rhel based images only;
- atomic: allows scanning of rhel based images only;
- clair: usable in theory for rhel/centos/ubuntu/debian images but in
practice I encountered problems with analyze-local-images and hyperclair
"cli" tools and API does not allow automatization;
- banyan collector/dockscan/drydock: seem to be stale or not enough mature
to be considered;
- nessus: seems to be an overkill for my usecase.

I am now looking into:
- aqua (commercial);
- twistlock (commercial);
- blackduck docker scanner (commercial).

Can you share info about what you are using to scan docker images? Any
proposals for my usecase?

Thanks!

BR,
Rafal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20170221/a3c8d5de/attachment.html>


More information about the CentOS-virt mailing list