How to scan Docker containers and images for vulnerabilities?

How to scan Docker containers and images for vulnerabilities?

In recent times, threat actors have devised complex techniques for exploiting vulnerabilities in Docker containers and images, affecting even large companies such as Google, Facebook and Yahoo. While malicious hackers try to find more sophisticated attack methods, cybersecurity companies and independent researchers work on preventing these attacks, looking for ways to protect these resources from any potential risk.

The software unification process (DevOps) requires the establishment of functional image scanning and validation mechanisms, comprehensively protecting these processes. This time, web application security experts from the International Institute of Cyber Security (IICS) will show you the best methods to detect any potential vulnerability in your containers, as well as establish monitoring routines for added protection.        

Up next we will briefly review the various options available to perform these security processes in Docker.


Clair is an open source project for exploiting vulnerabilities in Docker containers and applications. Web application security experts describe it as an API-driven analytics engine that checks layer by layer for container security flaws, and allows you to automatically monitor all containers for exploitable vulnerabilities by sending real-time notifications to the administrator.

It should be noted that this tool works with the information available in the National Vulnerability Database (NVD).


Trivy is an easy-to-use vulnerability scanner and great support for detecting packet failures across multiple operating systems and application dependencies.

Among Trivy’s main features are:

  • Detection of complex vulnerabilities

  • Simplicity

  • Efficiency

  • Compatible with Travis CI, CircleCI, Jenkins, GitLab CI, ..