Skip to main content

cnspec scan docker image

Scan a Docker image.

Synopsis

Scan a Docker image. You can specify the image ID (such as b6f507652425) or the image name (such as ubuntu:latest).

cnspec scan docker image ID [flags]

Options

      --annotation stringToString        Add an annotation to the asset. (default [])
--ask-pass Ask for connection password.
--asset-name string User override for the asset name.
--detect-cicd Try to detect CI/CD environments and, if successful, set the asset category to 'cicd'. (default true)
--disable-cache Disable the in-memory cache for images. WARNING: This will slow down scans significantly.
--discover string Enable the discovery of nested assets. Supported: 'all|auto|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
--discover-filter stringToString Additional filter for asset discovery. (default [])
-h, --help help for image
--id-detector string User override for platform ID detection mechanism. Supported: hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
-i, --identity-file string Select a file from which to read the identity (private key) for public key authentication.
--incognito Run in incognito mode. Do not report scan results to Mondoo Platform.
--insecure Disable TLS/SSL checks or SSH hostkey config.
--inventory-ansible Set the inventory format to Ansible.
--inventory-domainlist Set the inventory format to domain list.
--inventory-file string Set the path to the inventory file.
-j, --json Set output to JSON (shorthand).
--option --option key=value Additional connection options. You can pass multiple options using --option key=value. (default [])
-o, --output string Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
-p, --password string Password, such as for SSH/WinRM.
--path string Path to a local file or directory for the connection to use.
--policy strings Lists policies to execute. This requires incognito mode. You can pass multiple policies using --policy POLICY
-f, --policy-bundle strings Path to local policy bundle file.
--props stringToString Custom values for properties (default [])
--score-threshold int If any score falls below the threshold, exit 1.
--share create a web-based private reports when cnspec is unauthenticated. Defaults to false.
--sudo Elevate privileges with sudo.

Options inherited from parent commands

      --api-proxy string   Set proxy for communications with Mondoo API
--config string Set config file path (default $HOME/.config/mondoo/mondoo.yml)
--log-level string Set log level: error, warn, info, debug, trace (default "info")
-v, --verbose Enable verbose output

SEE ALSO