What’s dockerscan?
A Docker analysis tool
Very quick install
> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan
Show options:
> dockerscan -h
Available actions
Currently Docker Scan supports these actions:
Scan: Scan a network trying to locate Docker Registries
Registry
Image
Analyze: Look for sensitive information in a Docker image.
Extract: Extract a Docker image
Info: Get an image's meta information
Modify:
What’s the difference from Clair or Docker Cloud?
The purpose of Dockerscan is different. It’s focused on the attack phase.
Although Dockerscan has some functionality to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.
Documentation
Documentation is still in progress…
For the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:
https://www.slideshare.net/secret/fxVqD2iXqanOCX
Or you can watch it in video format (recommended):
Also, you can watch a dockerscan usage demo:
Download dockerscan