
Overview

You can scan Docker containers by running the Unified Agent in Docker mode using the docker.scanContainers parameter. 

In this mode, the Unified Agent detects the Linux packages installed in the container and performs a general scan of the container file system, resolving dependencies through package managers and identifying source files and binaries.

When scanning an RPM-based Docker container, the results are more accurate if the RPM database of the container is compatible with that of the machine on which the scan is performed.

Prerequisites

  • Docker installed

  • Unified Agent version 19.1.2 or later

NOTE: When scanning a Docker container on Windows, the CMD tool must be executed with the 'Run as Administrator' option.

Configurations

  • Set the Boolean property docker.scanContainers in the config file to true. By default, the Unified Agent will scan all your Docker containers.

  • Set the GLOB pattern properties docker.containerIncludes and docker.containerExcludes if you want to be more specific about which containers to scan.

Examples

docker.scanContainers=true
docker.containerIncludes=.*alpine.*
docker.containerExcludes=.*2017.10.01.* .*2017.06.01.*


The above example configures the Unified Agent to scan all Docker containers whose image name matches .*alpine.*, except for the two image tags listed in docker.containerExcludes.

docker.scanContainers=true
docker.containerIncludes=.*4c01db0b339c.*
docker.containerExcludes=

The above example configures the Unified Agent to scan the Docker containers whose ID matches 4c01db0b339c.

docker.scanContainers=true
docker.containerIncludes=.*webapp.*
docker.containerExcludes=.*webapp-dev.*

The above example configures the Unified Agent to scan all Docker containers whose name contains 'webapp', except for containers whose name contains 'webapp-dev'.
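To preview which containers an include/exclude pair would select before running a scan, the following added example (not WhiteSource code) evaluates a configuration fragment against a constructed container list. It assumes the patterns are regular expressions that must fully match the container ID, name or image, that multiple patterns are space-separated, and that excludes override includes; the function names are hypothetical and the Unified Agent's actual matching may differ.

```python
import re

# Constructed sample inventory (ID, name, image), standing in for `docker ps -a` output.
SAMPLE_CONTAINERS = [
    {"id": "4c01db0b339c", "name": "webapp", "image": "alpine:2017.10.01"},
    {"id": "9f2a77c1d0e4", "name": "webapp-dev", "image": "alpine:3.8"},
    {"id": "1b3e5d7f9a2c", "name": "db", "image": "centos:7"},
]

def parse_properties(text):
    """Parse key=value lines from a config fragment, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def _matches(patterns, container):
    # Assumption: a pattern selects a container when it fully matches its ID, name or image.
    fields = (container["id"], container["name"], container["image"])
    return any(re.fullmatch(p, f) for p in patterns for f in fields)

def select_containers(config_text, containers):
    """Return the names of the containers the patterns would select (assumed semantics)."""
    props = parse_properties(config_text)
    if props.get("docker.scanContainers", "false").lower() != "true":
        return []
    includes = props.get("docker.containerIncludes", "").split()
    excludes = props.get("docker.containerExcludes", "").split()
    selected = []
    for c in containers:
        if includes and not _matches(includes, c):
            continue  # assumption: an empty include list means every container
        if excludes and _matches(excludes, c):
            continue  # assumption: excludes take precedence over includes
        selected.append(c["name"])
    return selected
```

Running it against a real inventory shows whether a broad include such as .*webapp.* also pulls in containers that should stay out of the scan, and whether an exclude silently drops one that should be covered.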

The scanner saves the containers you selected and scans their file systems and installed packages.

The Docker container is saved to the temporary directory defined in your environment and is deleted immediately after the scan.

The scanning results are presented in a new WhiteSource project identified by the name of the container in the following format: <container id> <container name> (<repository name>).
The project is created in the WhiteSource product specified in the config file or command line.
