From 5c20e977d6854cdbb42a376e08d1c8256da3ae77 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Thu, 28 Sep 2023 08:57:04 +0200 Subject: [PATCH] hub: refresh static scanning feature Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/docker-hub/vulnerability-scanning.md | 75 ++++++++++---------- 1 file changed, 36 insertions(+), 39 deletions(-) diff --git a/content/docker-hub/vulnerability-scanning.md b/content/docker-hub/vulnerability-scanning.md index 2235592141..312cf2387e 100644 --- a/content/docker-hub/vulnerability-scanning.md +++ b/content/docker-hub/vulnerability-scanning.md 
@@ -1,22 +1,26 @@ --- -description: Hub Basic vulnerability scanning -keywords: scanning, vulnerabilities, Hub, basic -title: Basic vulnerability scanning +description: Static vulnerability scanning in Docker Hub +keywords: scanning, vulnerabilities, Hub, static +title: Static vulnerability scanning --- > **Note** > -> Hub Vulnerability Scanning requires a -> [Docker Pro, Team, or Business subscription](../subscription/index.md). +> This page describes the legacy static vulnerability scanning feature of +> Docker Hub. There's also [Docker Scout](../scout/_index.md), which provides +> more detailed and always up-to-date results, guided remediation steps for +> improving your security posture, and more. +> +> Docker Hub static scanning requires a [Docker Pro, Team, or Business +> subscription](../subscription/index.md). -Docker Hub vulnerability scanning lets you automatically scan Docker images for -vulnerabilities. +Docker Hub static vulnerability scanning lets you automatically run a +point-in-time scan on your Docker images for vulnerabilities. -When you push an image to a Docker Hub repository after turning on vulnerability +When you push an image to a Docker Hub repository after turning on static scanning, Docker Hub automatically scans the image to identify vulnerabilities. -Vulnerability Scanning lets you review the security state of your images and -take actions to fix issues identified during the scan, resulting in more secure -deployments. +The scan results shows the security state of your images at the time when the +scan was run. Scan results include: 
@@ -26,12 +30,11 @@ Scan results include: - A recommended fixed version, if available, to remediate the vulnerabilities discovered. -## Changes to vulnerability scanning in Docker Hub +## Changes to static scanning in Docker Hub -From February 27th, 2023, Docker began rolling out changes to the technology -that supports the Docker Hub Vulnerability Scanning feature. Docker Hub -Vulnerability Scanning is now powered natively by Docker, instead of a -third-party. +From February 27th, 2023, Docker changed the technology that supports the +Docker Hub static scanning feature. The static scanning is now powered natively +by Docker, instead of a third-party. As a result of this change, scanning now detects vulnerabilities at a more granular level than before. This in turn means that vulnerability reports may @@ -43,15 +46,10 @@ There is no action required on your part. Scans continue to run as usual with no interruption or changes to pricing. Historical data continues to be available. -This page describes the Basic Hub vulnerability scanning feature. There's also -the [Docker Scout image analysis](../scout/image-analysis.md) feature, that -provides more in-depth results and guided remediation steps for improving your -security posture. - -## Scan images with Basic vulnerability scanning +## Scan images with static vulnerability scanning Repository owners and administrators of a Docker Pro, Team, or a Business tier -enable and disable Basic vulnerability scanning. When scanning is active on a +enable and disable static vulnerability scanning. When scanning is active on a repository, anyone with push access can trigger a scan by pushing an image to Docker Hub. 
@@ -60,23 +58,22 @@ a Team, or a Business subscription can view the detailed scan reports. > **Note** > -> Basic vulnerability scanning supports scanning images which are of AMD64 +> Static vulnerability scanning supports scanning images which are of AMD64 > architecture, Linux OS, and are less than 10 GB in size. -### Turn on Basic vulnerability scanning +### Turn on static vulnerability scanning -Repository owners and administrators can enable Basic vulnerability scanning on -a repository. If you are a member of a Team or a Business subscription, ensure -the repository you would like to enable scanning on is part of the Team or a -Business tier. +Repository owners and administrators can enable static vulnerability scanning +on a repository. If you are a member of a Team or a Business subscription, +ensure the repository you would like to enable scanning on is part of the Team +or a Business tier. -To enable Basic vulnerability scanning: +To enable static vulnerability scanning: 1. Sign in to your [Docker Hub](https://hub.docker.com) account. 2. Select **Repositories** and then choose a repository. 3. Go to the **Settings** tab. -4. Under **Image insight settings**, select **Basic Hub vulnerability - scanning**. +4. Under **Image security insight settings**, select **Static scanning**. 5. Select **Save**. ### Scan an image @@ -95,7 +92,7 @@ repository for which you have turned on scanning: $ docker tag redis /:latest ``` -4. Push the image to Docker Hub to trigger Basic vulnerability scanning on the +4. Push the image to Docker Hub to trigger a static vulnerability scan for the image: ```console 
@@ -106,8 +103,8 @@ repository for which you have turned on scanning: To view the vulnerability report: -1. Go to [Docker Hub](https://hub.docker.com) and open the repository page to view a summary of the Basic - vulnerability scanning report. +1. Go to [Docker Hub](https://hub.docker.com) and open the repository page to + view a summary of the static vulnerability scanning report. It may take a couple of minutes for the vulnerability report to appear in your repository. @@ -157,13 +154,13 @@ Docker Scout can provide you with concrete and contextual remediation steps for improving image security. For more information, see [Docker Scout](../scout/index.md). -### Turn off Basic vulnerability scanning +### Turn off static vulnerability scanning -Repository owners and administrators can disable Basic vulnerability scanning on -a repository. To disable scanning: +Repository owners and administrators can disable static vulnerability scanning +on a repository. To disable scanning: 1. Sign in to your [Docker Hub](https://hub.docker.com) account. 2. Go to **Repositories** and then select a repository from the list. 3. Go to the **Settings** tab. -4. Under **Image insight settings**, select **None**. +4. Under **Image security insight settings**, select **None**. 5. Select **Save**.
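Review bot: subject-verb agreement error in the rewritten intro of the first hunk (`@@ -1,22 +1,26 @@`): `+The scan results shows the security state of your images at the time when the` should read `The scan results show the security state of your images at the time the`, since "results" is plural and "at the time when" is redundant.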
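Review bot: wrong word form in the second hunk (`@@ -26,12 +30,11 @@`): `+by Docker, instead of a third-party.` uses the hyphenated adjective where the noun is meant; write `instead of a third party.` In the same paragraph, `+Docker Hub static scanning feature. The static scanning is now powered natively` reads more naturally without the article: `Static scanning is now powered natively by Docker`.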
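Review bot: the sentence touched in the third hunk (`@@ -43,15 +46,10 @@`) states a permission, not a routine action, so `Repository owners and administrators of a Docker Pro, Team, or a Business tier` / `+enable and disable static vulnerability scanning.` should say `can enable and disable static vulnerability scanning`, matching the `can enable` / `can disable` wording used in the Turn on and Turn off sections of the later hunks.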
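Review bot: inconsistent Docker Scout link paths between the first and last hunks: the new note in the first hunk links `[Docker Scout](../scout/_index.md)`, while the unchanged context in the last hunk (`@@ -157,13 +154,13 @@`) links `[Docker Scout](../scout/index.md)`. Only one of these can resolve to the Scout section's actual file; confirm which and use the same path in both places.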