Scan Docker installations for security issues and vulnerabilities.
- plugin based system for discovery, audit and reporting
- able to scan local and remote docker installations
- plugins are easy to write
- Ruby 2.0 or above (1.9.x does not work!)
- Ruby gem: docker-api (docker)
You can install dockscan by installing dockscan gem:
gem install dockscan
Typical usage for scanning docker installation.
If you wish to scan local Docker installation:
dockscan unix:///var/run/docker.sock
If you wish to scan remote Docker installation and produce HTML report:
dockscan -r html -o myreport -v tcp://example.com:5422
If you wish to scan remote Docker installation and produce text report:
dockscan -r txt -o myreport -v tcp://example.com:5422
DOCKER_CERT_PATH will configure dockscan to use SSL
DOCKER_SSL_VERIFY if set to false will not verify certificates.
- Implement web frontend for scanner
- Progress bars
- Different reporting (HTML, txt, ...)