dockscan
Scan Docker installations for security issues and vulnerabilities.
Features
- plugin based system for discovery, audit and reporting
- able to scan local and remote docker installations
- plugins are easy to write
Requirements
- Ruby 2.0 or above (1.9.x does not work!)
- Ruby gem: docker-api (docker)
Installation
You can install dockscan by installing dockscan gem:
gem install dockscan
Usage
Typical usage for scanning docker installation.
If you wish to scan local Docker installation:
dockscan unix:///var/run/docker.sock
If you wish to scan remote Docker installation and produce HTML report:
dockscan -r html -o myreport -v tcp://example.com:5422
If you wish to scan remote Docker installation and produce text report:
dockscan -r txt -o myreport -v tcp://example.com:5422
Environment variables
DOCKER_CERT_PATH will configure dockscan to use SSL
DOCKER_SSL_VERIFY if set to false will not verify certificates.
ToDo
- Implement web frontend for scanner
- Progress bars
Done
- Different reporting (HTML, txt, ...)