mirror of https://github.com/docker/docs.git
hub: refresh static scanning feature
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
parent
c4f9b25316
commit
5c20e977d6
|
@ -1,22 +1,26 @@
|
|||
---
|
||||
description: Hub Basic vulnerability scanning
|
||||
keywords: scanning, vulnerabilities, Hub, basic
|
||||
title: Basic vulnerability scanning
|
||||
description: Static vulnerability scanning in Docker Hub
|
||||
keywords: scanning, vulnerabilities, Hub, static
|
||||
title: Static vulnerability scanning
|
||||
---
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Hub Vulnerability Scanning requires a
|
||||
> [Docker Pro, Team, or Business subscription](../subscription/index.md).
|
||||
> This page describes the legacy static vulnerability scanning feature of
|
||||
> Docker Hub. There's also [Docker Scout](../scout/_index.md), which provides
|
||||
> more detailed and always up-to-date results, guided remediation steps for
|
||||
> improving your security posture, and more.
|
||||
>
|
||||
> Docker Hub static scanning requires a [Docker Pro, Team, or Business
|
||||
> subscription](../subscription/index.md).
|
||||
|
||||
Docker Hub vulnerability scanning lets you automatically scan Docker images for
|
||||
vulnerabilities.
|
||||
Docker Hub static vulnerability scanning lets you automatically run a
|
||||
point-in-time scan on your Docker images for vulnerabilities.
|
||||
|
||||
When you push an image to a Docker Hub repository after turning on vulnerability
|
||||
When you push an image to a Docker Hub repository after turning on static
|
||||
scanning, Docker Hub automatically scans the image to identify vulnerabilities.
|
||||
Vulnerability Scanning lets you review the security state of your images and
|
||||
take actions to fix issues identified during the scan, resulting in more secure
|
||||
deployments.
|
||||
The scan results shows the security state of your images at the time when the
|
||||
scan was run.
|
||||
|
||||
Scan results include:
|
||||
|
||||
|
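Review bot: In the paragraph added after the push description, "The scan results shows the security state of your images" has a subject-verb mismatch and should read "The scan results show ...". That sentence also replaces the one about reviewing results and fixing issues, so the intro no longer tells readers what to do with a report. Consider adding a short clause that a point-in-time result does not cover vulnerabilities disclosed after the scan ran.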
@ -26,12 +30,11 @@ Scan results include:
|
|||
- A recommended fixed version, if available, to remediate the vulnerabilities
|
||||
discovered.
|
||||
|
||||
## Changes to vulnerability scanning in Docker Hub
|
||||
## Changes to static scanning in Docker Hub
|
||||
|
||||
From February 27th, 2023, Docker began rolling out changes to the technology
|
||||
that supports the Docker Hub Vulnerability Scanning feature. Docker Hub
|
||||
Vulnerability Scanning is now powered natively by Docker, instead of a
|
||||
third-party.
|
||||
From February 27th, 2023, Docker changed the technology that supports the
|
||||
Docker Hub static scanning feature. The static scanning is now powered natively
|
||||
by Docker, instead of a third-party.
|
||||
|
||||
As a result of this change, scanning now detects vulnerabilities at a more
|
||||
granular level than before. This in turn means that vulnerability reports may
|
||||
|
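Review bot: The rewritten paragraph under the renamed heading keeps "From February 27th, 2023" but now pairs it with a completed action ("Docker changed the technology"), which reads oddly. "As of February 27th, 2023" fits the new verb. In the same paragraph, "The static scanning is now powered" can drop the article, and "instead of a third-party" should be "third party" when used as a noun. If the site derives anchors from heading text, the heading rename changes the section anchor, so inbound links to the old section name are worth a check.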
@ -43,15 +46,10 @@ There is no action required on your part. Scans continue to run as usual
|
|||
with no interruption or changes to pricing. Historical data continues to be
|
||||
available.
|
||||
|
||||
This page describes the Basic Hub vulnerability scanning feature. There's also
|
||||
the [Docker Scout image analysis](../scout/image-analysis.md) feature, that
|
||||
provides more in-depth results and guided remediation steps for improving your
|
||||
security posture.
|
||||
|
||||
## Scan images with Basic vulnerability scanning
|
||||
## Scan images with static vulnerability scanning
|
||||
|
||||
Repository owners and administrators of a Docker Pro, Team, or a Business tier
|
||||
enable and disable Basic vulnerability scanning. When scanning is active on a
|
||||
enable and disable static vulnerability scanning. When scanning is active on a
|
||||
repository, anyone with push access can trigger a scan by pushing an image to
|
||||
Docker Hub.
|
||||
|
||||
|
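Review bot: The edited sentence "Repository owners and administrators of a Docker Pro, Team, or a Business tier enable and disable static vulnerability scanning" is missing a modal verb. Since the line is being touched anyway, make it "can enable and disable". This is the sentence that states who controls the setting, so it should read clearly as a permission statement alongside "anyone with push access can trigger a scan".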
@ -60,23 +58,22 @@ a Team, or a Business subscription can view the detailed scan reports.
|
|||
|
||||
> **Note**
|
||||
>
|
||||
> Basic vulnerability scanning supports scanning images which are of AMD64
|
||||
> Static vulnerability scanning supports scanning images which are of AMD64
|
||||
> architecture, Linux OS, and are less than 10 GB in size.
|
||||
|
||||
### Turn on Basic vulnerability scanning
|
||||
### Turn on static vulnerability scanning
|
||||
|
||||
Repository owners and administrators can enable Basic vulnerability scanning on
|
||||
a repository. If you are a member of a Team or a Business subscription, ensure
|
||||
the repository you would like to enable scanning on is part of the Team or a
|
||||
Business tier.
|
||||
Repository owners and administrators can enable static vulnerability scanning
|
||||
on a repository. If you are a member of a Team or a Business subscription,
|
||||
ensure the repository you would like to enable scanning on is part of the Team
|
||||
or a Business tier.
|
||||
|
||||
To enable Basic vulnerability scanning:
|
||||
To enable static vulnerability scanning:
|
||||
|
||||
1. Sign in to your [Docker Hub](https://hub.docker.com) account.
|
||||
2. Select **Repositories** and then choose a repository.
|
||||
3. Go to the **Settings** tab.
|
||||
4. Under **Image insight settings**, select **Basic Hub vulnerability
|
||||
scanning**.
|
||||
4. Under **Image security insight settings**, select **Static scanning**.
|
||||
5. Select **Save**.
|
||||
|
||||
### Scan an image
|
||||
|
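Review bot: The supported-image note ("AMD64 architecture, Linux OS, and are less than 10 GB in size") does not say what happens to a pushed image that falls outside those limits. State whether such images are skipped and how that appears in the repository, so that a missing report is not read as a clean result. In step 4, verify the new labels **Image security insight settings** and **Static scanning** against the current Hub UI and keep them identical to the ones used in the turn-off steps.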
@ -95,7 +92,7 @@ repository for which you have turned on scanning:
|
|||
$ docker tag redis <your-Docker-ID>/<your-repo-name>:latest
|
||||
```
|
||||
|
||||
4. Push the image to Docker Hub to trigger Basic vulnerability scanning on the
|
||||
4. Push the image to Docker Hub to trigger a static vulnerability scan for the
|
||||
image:
|
||||
|
||||
```console
|
||||
|
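Review bot: Step 4 now reads "Push the image to Docker Hub to trigger a static vulnerability scan for the image", which repeats "the image". Ending the sentence at "trigger a static vulnerability scan:" says the same thing, though it means also editing the unchanged continuation line "image:" that follows.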
@ -106,8 +103,8 @@ repository for which you have turned on scanning:
|
|||
|
||||
To view the vulnerability report:
|
||||
|
||||
1. Go to [Docker Hub](https://hub.docker.com) and open the repository page to view a summary of the Basic
|
||||
vulnerability scanning report.
|
||||
1. Go to [Docker Hub](https://hub.docker.com) and open the repository page to
|
||||
view a summary of the static vulnerability scanning report.
|
||||
|
||||
It may take a couple of minutes for the vulnerability report to appear in
|
||||
your repository.
|
||||
|
@ -157,13 +154,13 @@ Docker Scout can provide you with concrete and contextual remediation steps for
|
|||
improving image security. For more information, see
|
||||
[Docker Scout](../scout/index.md).
|
||||
|
||||
### Turn off Basic vulnerability scanning
|
||||
### Turn off static vulnerability scanning
|
||||
|
||||
Repository owners and administrators can disable Basic vulnerability scanning on
|
||||
a repository. To disable scanning:
|
||||
Repository owners and administrators can disable static vulnerability scanning
|
||||
on a repository. To disable scanning:
|
||||
|
||||
1. Sign in to your [Docker Hub](https://hub.docker.com) account.
|
||||
2. Go to **Repositories** and then select a repository from the list.
|
||||
3. Go to the **Settings** tab.
|
||||
4. Under **Image insight settings**, select **None**.
|
||||
4. Under **Image security insight settings**, select **None**.
|
||||
5. Select **Save**.
|
||||
|
|
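Review bot: The context line at the top of this hunk links Docker Scout as `../scout/index.md`, while the note this commit adds at the top of the page uses `../scout/_index.md`. Pick the form the site's link resolver expects and use it in both places so neither link breaks.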