Scan for vulnerabilities in your docker image or a directory
Every release of package scanner provides binary releases for a variety of OSes. These binary versions can be manually downloaded and installed.
- Go to the releases page and download the native client package based on your OS and CPU architecture.
- Unpack it
tar -zxvf package-scanner_Linux_x86_64.tar
docker pull longhornio/csi-snapshotter:v6.2.1
./package-scanner -source longhornio/csi-snapshotter:v6.2.1 -container-runtime docker
docker pull nginx:latest
./package-scanner -source nginx:latest -severity critical
./package-scanner --source dir:<directory full path>
- make tools
- make cli
- This will generate
package-scanner
binary in the current directory
- make docker-cli
- docker images should show new image with name quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.0
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/deepfenceio/deepfence_package_scanner_cli 2.5.0 e06fb1cd3868 About an hour ago 569MB
nginx latest 1403e55ab369 8 days ago 142MB
docker pull nginx:latest
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock --name package-scanner quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.0 -source nginx:latest