Skip to content
/ snyk-docker-plugin Public
forked from snyk/snyk-docker-plugin

This plugin provides dependency metadata for Docker images

License

View license
0 stars 25 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

adrobuta/snyk-docker-plugin

BranchesTags
 
 

Repository files navigation

Snyk logo

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

ℹ️ This repository is only a plugin to be used with the Snyk CLI tool. To use this plugin to test and fix vulnerabilities in your project, install the Snyk CLI tool first. Head over to snyk.io to get started.

Snyk Docker CLI Plugin

This plugin provides dependency metadata for Docker images.

Supported functionality

Package managers:

  • rpm, apk, deb

Operating systems:

  • Debian, Red Hat, Alpine, Oracle, CentOS, SLES, OpenSUSE, Amazon Linux, vanilla Linux
  • Distroless and scratch images

Platforms:

  • Linux: ARM, AMD, PPC, MIPS, s390x

Image protocols:

  • Docker archive, OCI archive
  • pulling images from a Docker socket
  • pulling from container registries (with support for username and password authentication)

Applications:

  • Node (npm, yarn)
  • Java (jar files)
  • detecting package manager manifests (Python, Ruby)

Others:

  • Dockerfile analysis
  • identifying Node and Java binaries installed outside the package manager
  • running on Windows (not the same as scanning Windows containers)
  • collecting the rootFs hashes for base image detection and recommendation

Tests

Refer to test/README.md for running and writing tests.

About

This plugin provides dependency metadata for Docker images

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 99.2%
  • Other 0.8%