hub: refresh static scanning feature

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2023-09-28 08:57:04 +02:00
parent c4f9b25316
commit 5c20e977d6
1 changed files with 36 additions and 39 deletions


@ -1,22 +1,26 @@
--- ---
description: Hub Basic vulnerability scanning description: Static vulnerability scanning in Docker Hub
keywords: scanning, vulnerabilities, Hub, basic keywords: scanning, vulnerabilities, Hub, static
title: Basic vulnerability scanning title: Static vulnerability scanning
--- ---
> **Note** > **Note**
> >
> Hub Vulnerability Scanning requires a > This page describes the legacy static vulnerability scanning feature of
> [Docker Pro, Team, or Business subscription](../subscription/index.md). > Docker Hub. There's also [Docker Scout](../scout/_index.md), which provides
> more detailed and always up-to-date results, guided remediation steps for
> improving your security posture, and more.
>
> Docker Hub static scanning requires a [Docker Pro, Team, or Business
> subscription](../subscription/index.md).
Docker Hub vulnerability scanning lets you automatically scan Docker images for Docker Hub static vulnerability scanning lets you automatically run a
vulnerabilities. point-in-time scan on your Docker images for vulnerabilities.
When you push an image to a Docker Hub repository after turning on vulnerability When you push an image to a Docker Hub repository after turning on static
scanning, Docker Hub automatically scans the image to identify vulnerabilities. scanning, Docker Hub automatically scans the image to identify vulnerabilities.
Vulnerability Scanning lets you review the security state of your images and The scan results shows the security state of your images at the time when the
take actions to fix issues identified during the scan, resulting in more secure scan was run.
deployments.
Scan results include: Scan results include:
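Review bot: subject-verb agreement is off in the new sentence "The scan results shows the security state of your images"; it should read "The scan results show ...". The rewrite also removes the old sentence about taking action on the issues a scan finds, so consider adding one clause that spells out what "at the time when the scan was run" means for the reader: the result reflects the push-time scan and is not the "always up-to-date" view that the new note attributes to Docker Scout.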
@ -26,12 +30,11 @@ Scan results include:
- A recommended fixed version, if available, to remediate the vulnerabilities - A recommended fixed version, if available, to remediate the vulnerabilities
discovered. discovered.
## Changes to vulnerability scanning in Docker Hub ## Changes to static scanning in Docker Hub
From February 27th, 2023, Docker began rolling out changes to the technology From February 27th, 2023, Docker changed the technology that supports the
that supports the Docker Hub Vulnerability Scanning feature. Docker Hub Docker Hub static scanning feature. The static scanning is now powered natively
Vulnerability Scanning is now powered natively by Docker, instead of a by Docker, instead of a third-party.
third-party.
As a result of this change, scanning now detects vulnerabilities at a more As a result of this change, scanning now detects vulnerabilities at a more
granular level than before. This in turn means that vulnerability reports may granular level than before. This in turn means that vulnerability reports may
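Review bot: in the new opening sentence, "From February 27th, 2023, Docker changed the technology" pairs an open-ended "From" with a completed past tense. The old text said "began rolling out", so either keep that wording or write "On February 27th, 2023" if the rollout is finished. In the same paragraph, "instead of a third-party" should be "instead of a third party", since the hyphenated form is the adjective.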
@ -43,15 +46,10 @@ There is no action required on your part. Scans continue to run as usual
with no interruption or changes to pricing. Historical data continues to be with no interruption or changes to pricing. Historical data continues to be
available. available.
This page describes the Basic Hub vulnerability scanning feature. There's also ## Scan images with static vulnerability scanning
the [Docker Scout image analysis](../scout/image-analysis.md) feature, that
provides more in-depth results and guided remediation steps for improving your
security posture.
## Scan images with Basic vulnerability scanning
Repository owners and administrators of a Docker Pro, Team, or a Business tier Repository owners and administrators of a Docker Pro, Team, or a Business tier
enable and disable Basic vulnerability scanning. When scanning is active on a enable and disable static vulnerability scanning. When scanning is active on a
repository, anyone with push access can trigger a scan by pushing an image to repository, anyone with push access can trigger a scan by pushing an image to
Docker Hub. Docker Hub.
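Review bot: the sentence that ends in the touched line "enable and disable static vulnerability scanning." has no modal verb, so it reads "Repository owners and administrators ... enable and disable ...". Since the line is being edited anyway, change it to "can enable and disable", which matches "can enable" in the "Turn on static vulnerability scanning" section.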
@ -60,23 +58,22 @@ a Team, or a Business subscription can view the detailed scan reports.
> **Note** > **Note**
> >
> Basic vulnerability scanning supports scanning images which are of AMD64 > Static vulnerability scanning supports scanning images which are of AMD64
> architecture, Linux OS, and are less than 10 GB in size. > architecture, Linux OS, and are less than 10 GB in size.
### Turn on Basic vulnerability scanning ### Turn on static vulnerability scanning
Repository owners and administrators can enable Basic vulnerability scanning on Repository owners and administrators can enable static vulnerability scanning
a repository. If you are a member of a Team or a Business subscription, ensure on a repository. If you are a member of a Team or a Business subscription,
the repository you would like to enable scanning on is part of the Team or a ensure the repository you would like to enable scanning on is part of the Team
Business tier. or a Business tier.
To enable Basic vulnerability scanning: To enable static vulnerability scanning:
1. Sign in to your [Docker Hub](https://hub.docker.com) account. 1. Sign in to your [Docker Hub](https://hub.docker.com) account.
2. Select **Repositories** and then choose a repository. 2. Select **Repositories** and then choose a repository.
3. Go to the **Settings** tab. 3. Go to the **Settings** tab.
4. Under **Image insight settings**, select **Basic Hub vulnerability 4. Under **Image security insight settings**, select **Static scanning**.
scanning**.
5. Select **Save**. 5. Select **Save**.
### Scan an image ### Scan an image
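Review bot: the note on supported images ("AMD64 architecture, Linux OS, and are less than 10 GB in size") states the limits but not what happens when a pushed image falls outside them. Add a sentence saying whether such an image is skipped and how that appears on the repository page, so that a missing report is not read as a clean result. The wording "images which are of AMD64 architecture" could also be tightened while the line is being changed.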
@ -95,7 +92,7 @@ repository for which you have turned on scanning:
$ docker tag redis <your-Docker-ID>/<your-repo-name>:latest $ docker tag redis <your-Docker-ID>/<your-repo-name>:latest
``` ```
4. Push the image to Docker Hub to trigger Basic vulnerability scanning on the 4. Push the image to Docker Hub to trigger a static vulnerability scan for the
image: image:
```console ```console
@ -106,8 +103,8 @@ repository for which you have turned on scanning:
To view the vulnerability report: To view the vulnerability report:
1. Go to [Docker Hub](https://hub.docker.com) and open the repository page to view a summary of the Basic 1. Go to [Docker Hub](https://hub.docker.com) and open the repository page to
vulnerability scanning report. view a summary of the static vulnerability scanning report.
It may take a couple of minutes for the vulnerability report to appear in It may take a couple of minutes for the vulnerability report to appear in
your repository. your repository.
@ -157,13 +154,13 @@ Docker Scout can provide you with concrete and contextual remediation steps for
improving image security. For more information, see improving image security. For more information, see
[Docker Scout](../scout/index.md). [Docker Scout](../scout/index.md).
### Turn off Basic vulnerability scanning ### Turn off static vulnerability scanning
Repository owners and administrators can disable Basic vulnerability scanning on Repository owners and administrators can disable static vulnerability scanning
a repository. To disable scanning: on a repository. To disable scanning:
1. Sign in to your [Docker Hub](https://hub.docker.com) account. 1. Sign in to your [Docker Hub](https://hub.docker.com) account.
2. Go to **Repositories** and then select a repository from the list. 2. Go to **Repositories** and then select a repository from the list.
3. Go to the **Settings** tab. 3. Go to the **Settings** tab.
4. Under **Image insight settings**, select **None**. 4. Under **Image security insight settings**, select **None**.
5. Select **Save**. 5. Select **Save**.
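Review bot: the unchanged context line "[Docker Scout](../scout/index.md)" in this hunk still points at "../scout/index.md", while the note added at the top of the page in this same commit links to "../scout/_index.md". Pick one target and use it in both places so the two Scout links on the page resolve the same way.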