Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.gitlab.com/tutorials/container_scanning/ below:

Tutorial: Scan a Docker container for vulnerabilities

Help us learn about your current experience with the documentation.

.

• Tier: Free, Premium, Ultimate
• Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

You can use container scanning to check for vulnerabilities in container images stored in the container registry.

Container scanning configuration is added to the pipeline configuration of a project. In this tutorial, you:

1. Create a new project.
2. Add a Dockerfile file to the project. This Dockerfile contains minimal configuration required to create a Docker image.
3. Create pipeline configuration for the new project to create a Docker image from the Dockerfile, build and push a Docker image to the container registry, and then scan the Docker image for vulnerabilities.
4. Check for reported vulnerabilities.
5. Update the Docker image and scan the updated image.

To create the new project

1. On the left sidebar, at the top, select Create new ( plus ) and New project/repository.
2. Select Create blank project.
3. In Project name, enter Tutorial container scanning project.
4. In Project URL, select a namespace for the project.
5. Select Create project.

To provide something for container scanning to work on, create a Dockerfile with very minimal configuration:

1. In your Tutorial container scanning project project, select plus > New file.

2. Enter the filename Dockerfile, and provide the following contents for the file:

Docker images created from this Dockerfile are based on hello-world Docker image.

1. Select Commit changes.

Now you’re ready to create pipeline configuration. The pipeline configuration:

1. Builds a Docker image from the Dockerfile file, and pushes the Docker image to the container registry. The build-image job uses Docker-in-Docker as a CI/CD service to build the Docker image.
2. Includes the Container-Scanning.gitlab-ci.yml template, to scan the Docker image stored in the container registry.

To create the pipeline configuration:

1. In the root directory of your project, select plus > New file.

2. Enter the filename .gitlab-ci.yml, and provide the following contents for the file:

   include:
     - template: Jobs/Container-Scanning.gitlab-ci.yml
   
   container_scanning:
     variables:
       CS_IMAGE: $CI_REGISTRY_IMAGE/tutorial-image
   
   build-image:
     image: docker:24.0.2
     stage: build
     services:
       - docker:24.0.2-dind
     script:
       - docker build --tag $CI_REGISTRY_IMAGE/tutorial-image --file Dockerfile .
       - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
       - docker push $CI_REGISTRY_IMAGE/tutorial-image

3. Select Commit changes.

You’re almost done. After you commit the file, a new pipeline starts with this configuration. When it’s finished, you can check the results of the scan.

Vulnerabilities for a scan are located on the pipeline that ran the scan. To check for reported vulnerabilities:

1. Select CI/CD > Pipelines and select the most recent pipeline. This pipeline should consist of a job called container_scanning in the test stage.
2. If the container_scanning job was successful, select the Security tab. If any vulnerabilities were found, they are listed on that page.

A Docker image based on hello-world:latest is unlikely to show any vulnerabilities. For an example of a scan that reports vulnerabilities:

1. In the root directory of your project, select the existing Dockerfile file.
2. Select Edit.
3. Replace FROM hello-world:latest with a different Docker image for the FROM instruction. The best Docker images to demonstrate container scanning have:
   • Operating system packages. For example, from Debian, Ubuntu, Alpine, or Red Hat.
   • Programming language packages. For example, NPM packages or Python packages.
4. Select Commit changes.

After you commit changes to the file, a new pipeline starts with this updated Dockerfile. When it’s finished, you can check the results of the new scan.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4