Overview

You can scan Docker images by running the Unified Agent in Docker mode (enabled with the 'docker.scanImages' parameter).

In this mode, only the Docker image scan and the package manager scan (scanPackageManager) take place. The installed Linux packages in the image are detected, and a general scan of the image file system is performed so that dependencies can be resolved through the package managers found in the image and source files and binaries can be identified. The package-manager-based resolution only takes place if the relevant resolvers are installed and available locally on the machine that runs the scan.

Info

When scanning an RPM-based Docker image, RPM database compatibility between the container and the machine on which the scan is performed improves the accuracy of the results.

...

Configurations

  • Set the Boolean property 'docker.scanImages' in the config file to true. With this setting the agent runs a "docker images" command in the background and parses its output line by line against the 'docker.includes' and 'docker.excludes' GLOB patterns in order to select which of the existing Docker images to scan.

  • Set the GLOB pattern properties 'docker.includes' and 'docker.excludes' to choose the images to scan and the images to skip.

  • Set the Integer property 'archiveExtractionDepth' when you want archive files found inside the Docker image to be extracted and scanned.

...

Alternatively, you can leave both the 'docker.includes' and 'docker.excludes' parameters commented out if you want to scan all of your images.
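The following is an added example, not code from the page or from the Unified Agent itself. It models the selection step described above so you can check which images a given 'docker.includes' / 'docker.excludes' pair would pick up before running a scan: it parses a constructed config fragment, parses constructed "docker images" output, and applies the GLOB patterns. The matching rules it assumes (patterns separated by whitespace, matched against "repository:tag", an empty include list meaning "everything", excludes taking precedence, and dangling "<none>" images skipped) are assumptions for the example and are not documented on this page.

```python
import fnmatch

# Constructed Unified Agent config fragment (example values only).
CONFIG_TEXT = """\
docker.scanImages=true
docker.includes=myorg/*:*
docker.excludes=*:*-debug *:latest
archiveExtractionDepth=2
"""

# Constructed output in the shape that `docker images` prints; not taken from a real host.
DOCKER_IMAGES_OUTPUT = """\
REPOSITORY          TAG           IMAGE ID       CREATED        SIZE
myorg/api           1.4.2         0a1b2c3d4e5f   2 days ago     180MB
myorg/api           1.4.2-debug   1b2c3d4e5f60   2 days ago     410MB
myorg/web           latest        2c3d4e5f6071   3 days ago     95MB
library/alpine      3.18          3d4e5f607182   2 weeks ago    7MB
<none>              <none>        4e5f60718293   3 weeks ago    120MB
"""


def parse_config(text):
    """Parse key=value lines; blank lines and '#' comments are ignored (assumed properties-file style)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def parse_docker_images(output):
    """Turn `docker images` table output into (repository, tag, image_id) tuples, skipping the header row."""
    images = []
    for line in output.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 3:
            continue
        images.append((parts[0], parts[1], parts[2]))
    return images


def select_images(cfg, images):
    """Apply the docker.includes / docker.excludes GLOB patterns to each 'repository:tag'.

    Assumed semantics (not stated on the page): patterns are whitespace-separated and
    matched case-sensitively against 'repository:tag'; an empty include list means
    include everything; an exclude match always wins; '<none>' images are skipped.
    Returns a list of (name, image_id) for the images that would be scanned.
    """
    if cfg.get("docker.scanImages", "false").lower() != "true":
        return []
    includes = cfg.get("docker.includes", "").split()
    excludes = cfg.get("docker.excludes", "").split()
    selected = []
    for repo, tag, image_id in images:
        if repo == "<none>":
            continue
        name = f"{repo}:{tag}"
        if includes and not any(fnmatch.fnmatchcase(name, p) for p in includes):
            continue
        if any(fnmatch.fnmatchcase(name, p) for p in excludes):
            continue
        selected.append((name, image_id))
    return selected


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    images = parse_docker_images(DOCKER_IMAGES_OUTPUT)
    for name, image_id in select_images(cfg, images):
        print(f"would scan {name} ({image_id}), archiveExtractionDepth={cfg['archiveExtractionDepth']}")
```

With the constructed values above only myorg/api:1.4.2 is selected: the debug tag and the latest tag are removed by the exclude patterns, the alpine image never matches the include pattern, and the dangling image has no name to match. Dropping both pattern lines from the config selects every named image, which is the "scan all images" behaviour described above.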

The scanner saves the selected images and scans their file systems and installed packages.
It scans all of the image layers, and handles archive files found in the layers according to the value of the 'archiveExtractionDepth' property.

Each Docker image is saved to the temporary directory defined in your environment and is deleted immediately after the scan, so that directory must have enough free space to hold the largest image you select.

...