snyk-docker-plugin

by snyk
4.28.0

  • Downloads/wk: 161K
  • GitHub Stars: 20

Maintenance:

  • Last Commit: 9d ago
  • Contributors: 61

Package:

  • Dependencies: 18
  • License: Apache-2.0
  • Type Definitions: Built-In
  • Tree-Shakeable: No?

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

ℹ️ This repository is only a plugin to be used with the Snyk CLI tool. To use this plugin to test and fix vulnerabilities in your project, install the Snyk CLI tool first. Head over to snyk.io to get started.

Snyk Docker CLI Plugin

This plugin provides dependency metadata for Docker images.

Supported functionality

Package managers:

  • rpm, apk, deb

Operating systems:

  • Debian, Red Hat, Alpine, Oracle, CentOS, SLES, OpenSUSE, Amazon Linux, vanilla Linux
  • Distroless and scratch images

Platforms:

  • Linux: ARM, AMD, PPC, MIPS, s390x

Image protocols:

  • Docker archive, OCI archive
  • pulling images from a Docker socket
  • pulling from container registries (with support for username and password authentication)

Applications:

  • Node (npm, yarn)
  • Java (jar files)
  • detecting package manager manifests (Python, Ruby)

Others:

  • Dockerfile analysis
  • identifying Node and Java binaries installed outside the package manager
  • running on Windows (not the same as scanning Windows containers)
  • collecting the rootFs hashes for base image detection and recommendation

Tests

Refer to test/README.md for running and writing tests.

