cnspec scan docker image

Scan a Docker image.

Synopsis

Scan a Docker image. You can specify the image ID (such as b6f507652425) or the image name (such as ubuntu:latest).

cnspec scan docker image ID [flags]

Options

      --annotation stringToString        Add an annotation to the asset. (default [])
      --ask-pass                         Ask for connection password.
      --asset-name string                User override for the asset name.
      --detect-cicd                      Try to detect CI/CD environments and, if successful, set the asset category to 'cicd'. (default true)
      --disable-cache                    Disable the in-memory cache for images. WARNING: This will slow down scans significantly.
      --discover string                  Enable the discovery of nested assets. Supported: 'all|auto|instances|host-instances|host-machines|container|container-images|pods|cronjobs|statefulsets|deployments|jobs|replicasets|daemonsets' (default "auto")
      --discover-filter stringToString   Additional filter for asset discovery. (default [])
  -h, --help                             help for image
      --id-detector string               User override for platform ID detection mechanism. Supported: hostname, machine-id, aws-ec2, cloud-detect, ssh-host-key, transport-platform-id
  -i, --identity-file string             Select a file from which to read the identity (private key) for public key authentication.
      --incognito                        Run in incognito mode. Do not report scan results to Mondoo Platform.
      --insecure                         Disable TLS/SSL checks or SSH hostkey config.
      --inventory-ansible                Set the inventory format to Ansible.
      --inventory-domainlist             Set the inventory format to domain list.
      --inventory-file string            Set the path to the inventory file.
  -j, --json                             Set output to JSON (shorthand).
      --option --option key=value        Additional connection options. You can pass multiple options using --option key=value. (default [])
  -o, --output string                    Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact")
  -p, --password string                  Password, such as for SSH/WinRM.
      --path string                      Path to a local file or directory for the connection to use.
      --policy strings                   Lists policies to execute. This requires incognito mode. You can pass multiple policies using --policy POLICY
  -f, --policy-bundle strings            Path to local policy bundle file.
      --props stringToString             Custom values for properties (default [])
      --score-threshold int              If any score falls below the threshold, exit 1.
      --share                            create a web-based private reports when cnspec is unauthenticated. Defaults to false.
      --sudo                             Elevate privileges with sudo.

Options inherited from parent commands

      --api-proxy string   Set proxy for communications with Mondoo API
      --config string      Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string   Set log level: error, warn, info, debug, trace (default "info")
  -v, --verbose            Enable verbose output

SEE ALSO

• cnspec scan docker - Scan a Docker container or image.