Skip to content

Commit 25f610e

Browse files
tomoyamachikotakanbe
tomoyamachi
authored and
kotakanbe
committed
Update tutorial-scan-docker-image.md (#76)
1 parent ebbb924 commit 25f610e

File tree

1 file changed

+33
-7
lines changed

1 file changed

+33
-7
lines changed

docs/tutorial-scan-docker-image.md

Lines changed: 33 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,12 +6,13 @@ sidebar_label: Scan Docker Image
66

77
## Container Image Scanning
88

9-
Vuls v0.8.0 can scan Docker images using [knqyf263/trivy](https://github.com/knqyf263/trivy).
9+
Vuls v0.8.0 can scan Docker images using [aquasecurity/fanal](https://github.com/aquasecurity/fanal).
1010

1111
The following registries are supported:
1212

13-
- ECR
14-
- GCR
13+
- Docker Hub
14+
- Amazon ECR (Elastic Container Registry)
15+
- GCR (Google Container Registry)
1516
- Local Image
1617

1718
## Config.toml
@@ -20,22 +21,47 @@ The following registries are supported:
2021
[servers]
2122
[servers.image]
2223
type="pseudo"
24+
# Public GCR
2325
[servers.image.images.hyperkube]
2426
name="gcr.io/google-containers/hyperkube"
2527
tag="v1.11.10"
28+
29+
# Docker Hub
2630
[servers.image.images.web-dvwa]
2731
name="vulnerables/web-dvwa"
2832
tag="latest"
29-
[servers.image.images.gcr]
30-
name="asia.gcr.io/bizshift-stg/api"
33+
34+
# Each image can have credential information
35+
# If there is no information, use default credential information. (default credential path, default aws cli credential etc)
36+
37+
# Private ECR
38+
[servers.image.images.privateecr]
39+
name="xxxxx.dkr.ecr.us-west-1.amazonaws.com/imagename"
40+
tag="targetTag"
41+
[servers.image.images.privateecr.dockerOption]
42+
awsAccessKey="accesskey"
43+
awsSecretKey="secret"
44+
awsRegion="us-west-1"
45+
46+
# Private GCR
47+
[servers.image.images.privategcr]
48+
name="asia.gcr.io/projectname/reponame"
3149
tag="latest"
32-
[servers.image.images.gcr.dockerOption]
33-
gcpCredPath="/Users/amachi/Downloads/key.json"
50+
[servers.image.images.privategcr.dockerOption]
51+
gcpCredPath="/path/to/key.json"
3452

53+
# Private Docker Hub
54+
[servers.image.images.privatehub]
55+
name="privateimage"
56+
tag="targetTag"
57+
[servers.image.images.privatehub.dockerOption]
58+
userName="user"
59+
password="password"
3560
```
3661

3762
## Library scan
3863

64+
Vuls v0.8.0 can scan library using [aquasecurity/trivy](https://github.com/aquasecurity/trivy).
3965
Trivy automatically detects the following lock files:
4066

4167
- Gemfile.lock

0 commit comments

Comments
 (0)