Open a terminal at the docker-goof
directory.
-
Build the image
docker build -t docker-goof .
-
Test the image
snyk test --docker docker-goof --file=Dockerfile
All-in-one to clone and run:
git clone [email protected]:snyk/docker-goof && \
cd docker-goof && \
docker build -t docker-goof . && \
snyk test --docker docker-goof --file=Dockerfile
To build all images:
./build.sh
To test all images:
./test.sh
All of these screenshots demonstrate the extra value provided when a
Dockerfile is supplied via the CLI --file
argument.
For example:
snyk test --docker docker-goof --file=Dockerfile
This screenshot shows alternative images that may be used in the Dockerfile's
FROM
line to reduce vulnerabilities. Minor upgrades are the most likely to
be compatible, Major are potentially breaking depending on how the image is
used, and Alternative architecture images are given for more technical users
to investigate.
This screenshot shows an image with a vulnerability introduced by the base
image (the FROM
line in a Dockerfile) with the "Introduced by your base
image ..." line
This screenshot shows a binary vulnerability; something not managed by the package manager of the operating system inside the container.
This screenshot shows an image introduced by a user in their Dockerfile and highlights the exact command that introduced the vulnerability, with the "Introduced in your Dockerfile by ..." line