Docker Image Vulnerability:

Swarnava Basu
2 min read, Jul 26, 2022


Docker image scanning is the process of identifying known security vulnerabilities in the packages installed in a Docker image. It gives you the chance to find and fix those vulnerabilities before the image is pushed to a registry or run as a container.

Trivy is a simple, open-source vulnerability scanner for container images and other artifacts. It detects vulnerabilities both in OS packages and in application dependencies (the lock files of language package managers). Before pushing to a container registry or deploying your application, you can scan a local image and other artifacts with very little setup.

Installation of Trivy Scanner:

On Debian/Ubuntu, download the release package and install it with dpkg:

$ wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb

$ sudo dpkg -i trivy_0.18.3_Linux-64bit.deb

or, on any Linux, use the install script from the Trivy repository (the last argument is the release to install):

$ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.16.0

Pin one release and use it consistently; the two commands above happen to reference different versions (0.18.3 and 0.16.0). Piping curl into sh executes whatever the server returns, so for a production build host prefer downloading the release archive and verifying it against the checksums file published alongside the release.

To verify the installation, run trivy with no arguments; on success it prints the usage text listing the available subcommands:

$ trivy

Scan Docker Image Using Trivy Scanner:

Now let us scan an image for vulnerabilities. The scan below targets the nginx image at tag 1.19.3. This is an older tag, so expect a table of findings grouped by target (the OS packages of the base image), each with its CVE ID, package name, installed version, fixed version and severity:

$ trivy image nginx:1.19.3

For comparison, scan a newer, smaller tag of the same image. The alpine variant ships far fewer packages, so it has a much smaller attack surface and, at the time of writing, reported far fewer findings:

$ trivy image nginx:1.19.9-alpine

The general form is:

$ trivy image [YOUR_IMAGE_NAME]

Note that a scan with no findings only means no known vulnerabilities in Trivy's database matched the packages in the image on that day; new CVEs are published constantly, so images already in use should be rescanned regularly, not only at build time.

How to Fix the Vulnerabilities

Rebuild on the current version of the base image recommended for the operating system you use in your environment. When a new vulnerability is found in a widely used image, the maintainers usually fix it and publish a new tag, so move your FROM line to the patched tag (or to a minimal variant such as the alpine one), rebuild, and rescan. Findings that show no fixed version cannot be resolved by upgrading yet; track them, and ask whether the affected package needs to be in the image at all. To keep vulnerable images out of production, make the scan part of the build and fail it when findings at or above a chosen severity are present.
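The build gate described above, as an added example that is not part of the original post or of Trivy itself. It reads the JSON report that `trivy image --format json --output report.json IMAGE` writes, counts findings per severity, and returns a non-zero exit status when any finding at or above a threshold exists, optionally ignoring findings that have no fixed version yet (those cannot be resolved by upgrading, so some teams track them separately rather than blocking the build). The embedded report is constructed for illustration, with placeholder CVE IDs and package names; it follows the SchemaVersion 2 shape current Trivy releases emit, and the loader also accepts the bare list of results that older releases produced.

```python
"""Gate a CI build on a Trivy JSON report (added example, not Trivy's code)."""
import json
import sys
from collections import Counter

# Trivy's severity labels, ranked so a threshold can be compared numerically.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of `trivy image --format json` output
# (SchemaVersion 2). CVE IDs, package names and versions are placeholders,
# not real findings. A target with no findings has "Vulnerabilities": null.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/app:1.0",
    "Results": [
        {
            "Target": "example/app:1.0 (debian 10.6)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar",
                 "InstalledVersion": "2.3", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libbaz",
                 "InstalledVersion": "0.9", "FixedVersion": "1.0",
                 "Severity": "LOW"},
            ],
        },
        {"Target": "app/requirements.txt", "Vulnerabilities": None},
    ],
})


def load_report(text):
    """Parse the report text; returns the SchemaVersion-2 object or a bare list."""
    return json.loads(text)


def iter_vulns(report):
    """Yield (target, finding) pairs. Accepts the SchemaVersion-2 object
    ({"Results": [...]}) and the bare result list older Trivy versions wrote;
    tolerates null Results and null Vulnerabilities."""
    results = report.get("Results") if isinstance(report, dict) else report
    for result in results or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln


def summarize(report):
    """Count findings per severity label, e.g. {"CRITICAL": 1, "HIGH": 1}."""
    counts = Counter()
    for _, vuln in iter_vulns(report):
        counts[vuln.get("Severity", "UNKNOWN").upper()] += 1
    return dict(counts)


def failing_findings(report, threshold="HIGH", ignore_unfixed=False):
    """Return findings at or above `threshold` as (target, id, pkg,
    installed, fixed, severity) tuples; drop unfixed ones if requested."""
    min_rank = SEVERITY_RANK[threshold.upper()]
    out = []
    for target, vuln in iter_vulns(report):
        severity = vuln.get("Severity", "UNKNOWN").upper()
        if SEVERITY_RANK.get(severity, 0) < min_rank:
            continue
        fixed = vuln.get("FixedVersion") or ""
        if ignore_unfixed and not fixed:
            continue
        out.append((target, vuln["VulnerabilityID"], vuln["PkgName"],
                    vuln.get("InstalledVersion", ""), fixed or "no fix yet",
                    severity))
    return out


def gate(report_text, threshold="HIGH", ignore_unfixed=False):
    """Print the blocking findings and return the exit status for the build:
    1 when at least one finding meets the threshold, otherwise 0."""
    report = load_report(report_text)
    findings = failing_findings(report, threshold, ignore_unfixed)
    for target, cve, pkg, installed, fixed, severity in findings:
        print(f"{severity:8} {cve:16} {pkg} {installed} -> {fixed}  [{target}]")
    print("severity counts:", summarize(report))
    return 1 if findings else 0


if __name__ == "__main__":
    # Usage: trivy image --format json -o report.json nginx:1.19.3
    #        python gate.py report.json [--ignore-unfixed]
    # Without a path the constructed sample report is used.
    ignore = "--ignore-unfixed" in sys.argv
    paths = [a for a in sys.argv[1:] if not a.startswith("--")]
    text = open(paths[0]).read() if paths else SAMPLE_REPORT
    sys.exit(gate(text, threshold="HIGH", ignore_unfixed=ignore))
```

Trivy can apply the same policy itself with `trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed IMAGE`; the script is useful when you also want the report archived, summarized, or judged against rules Trivy's flags do not express (for example a per-target allowlist).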
