Docker Security Analysis Tools
Currently Docker Scan supports these actions:

Registry
  Delete: Delete a remote image / tag.
  Info: Show info from a remote registry.
  Push: Push an image (like the Docker client).
  Upload: Upload an arbitrary file.

Image
  Analyze: Look for sensitive information in a Docker image:
    Look for passwords in environment variables.
    Try to find any URL / IP in the environment variables.
    Try to deduce the user used internally to run the software. This is not trivial: if the entry point is a .sh file, read the file, look for calls to sudo-like tools ("sudo", "gosu", "sh -u", ...) and report the user found.
  Extract: Extract a Docker image.
  Info: Get an image's metadata.
  Modify:
    Entrypoint: Change the entrypoint in a Docker image.
    Trojanize: Inject a reverse shell into a Docker image.
    User: Change the running user in a Docker image.
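The Analyze checks listed above, as an added Python example that is not dockerscan's own code: it reads the image config JSON that `docker save` writes as config.json (or `docker image inspect` prints under Config), flags environment variables whose names look like credentials, pulls URLs and IPv4 addresses out of the values, and deduces the runtime user, first from the config's User field and otherwise from a gosu / sudo -u / su call in the entrypoint script. The credential-name pattern, the user-switch pattern and all sample data are constructed assumptions, and the entrypoint script text has to be supplied separately because reading it means extracting the image layers.

```python
"""Added example (not dockerscan's code): audit a Docker image config for the
kinds of sensitive information the Analyze action reports."""
import json
import re

# Env var names that usually carry credentials (constructed heuristic).
SECRET_NAME_RE = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s'\"]+", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# sudo-like helpers whose argument names the user the service really runs as
# (constructed pattern: gosu/chpst/su-exec, sudo -u, su [-|-l|--login]).
USER_SWITCH_RE = re.compile(
    r"\b(?:gosu|chpst\s+-u|su-exec)\s+([A-Za-z_][A-Za-z0-9_-]*)"
    r"|\bsudo\s+-u\s+([A-Za-z_][A-Za-z0-9_-]*)"
    r"|\bsu\s+(?:-\s+|-l\s+|--login\s+)?([A-Za-z_][A-Za-z0-9_-]*)"
)


def find_secret_env(env):
    """Return (name, value) pairs whose variable name looks like a credential."""
    hits = []
    for item in env:
        name, _, value = item.partition("=")
        if SECRET_NAME_RE.search(name) and value:
            hits.append((name, value))
    return hits


def find_urls_and_ips(env):
    """Collect every URL and IPv4 literal found in environment values."""
    found = set()
    for item in env:
        _, _, value = item.partition("=")
        found.update(URL_RE.findall(value))
        found.update(IPV4_RE.findall(value))
    return sorted(found)


def deduce_user(config, entrypoint_script=None):
    """Best effort: explicit USER first, else a user switch in the entrypoint,
    else the Docker default (root). Returns (user, reason)."""
    user = (config.get("User") or "").strip()
    if user:
        return user, "config.User"
    if entrypoint_script:
        match = USER_SWITCH_RE.search(entrypoint_script)
        if match:
            name = next(g for g in match.groups() if g)
            return name, "entrypoint user switch"
    return "root", "default (no USER, no switch found)"


def analyze(image_config, entrypoint_script=None):
    """Run all checks; accepts docker-save config.json or docker-inspect output."""
    cfg = image_config.get("config") or image_config.get("Config") or image_config
    env = cfg.get("Env") or []
    entrypoint = cfg.get("Entrypoint") or []
    # Only a .sh entrypoint is worth reading for a user switch.
    script = entrypoint_script if entrypoint and entrypoint[0].endswith(".sh") else None
    user, reason = deduce_user(cfg, script)
    return {
        "secret_env": find_secret_env(env),
        "urls_and_ips": find_urls_and_ips(env),
        "user": user,
        "user_reason": reason,
        "entrypoint": entrypoint,
    }


# Constructed sample: shape of config.json inside a `docker save` tarball.
SAMPLE_CONFIG = json.loads("""
{
  "config": {
    "User": "",
    "Env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "APP_PORT=8080",
      "DB_PASSWORD=example-not-a-real-secret",
      "DB_HOST=10.0.0.5",
      "METRICS_URL=https://metrics.example.internal/push"
    ],
    "Entrypoint": ["/entrypoint.sh"]
  }
}
""")

# Constructed sample entrypoint script, as it would be read from the image.
SAMPLE_ENTRYPOINT = """#!/bin/sh
set -e
chown -R app:app /data
exec gosu app /usr/local/bin/server --port "$APP_PORT"
"""

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_CONFIG, SAMPLE_ENTRYPOINT), indent=2))
```

The output is a list of candidates for a human to confirm: a variable named DB_PASSWORD may hold a placeholder, and a script that switches user through a wrapper not in the pattern will still be reported as root, which is the safe direction for an audit run before an image is published.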
Very quick install
> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan
Show options:
> dockerscan -h
Download