dockscan is security vulnerability and audit scanner for Docker installations
Ruby Shell

README.md

Build Status Coverage Status

dockscan

logo

Scan Docker installations for security issues and vulnerabilities.

Features

  • plugin based system for discovery, audit and reporting
  • able to scan local and remote docker installations
  • plugins are easy to write

Requirements

  • Ruby 2.0 or above (1.9.x does not work!)
  • Ruby gem: docker-api (docker)

Installation

You can install dockscan by installing dockscan gem:

gem install dockscan

Usage

Typical usage for scanning docker installation.

If you wish to scan local Docker installation:

dockscan unix:///var/run/docker.sock

If you wish to scan remote Docker installation and produce HTML report:

dockscan -r html -o myreport -v tcp://example.com:5422

If you wish to scan remote Docker installation and produce text report:

dockscan -r txt -o myreport -v tcp://example.com:5422

Environment variables

DOCKER_CERT_PATH will configure dockscan to use SSL

DOCKER_SSL_VERIFY if set to false will not verify certificates.

ToDo

  • Implement web frontend for scanner
  • Progress bars

Done

  • Different reporting (HTML, txt, ...)