Assess Docker Image Security Compliance with cnspec

Use cnspec to scan Docker images and containers for security misconfigurations, CVEs, and end-of-life operating systems using the built-in Mondoo security policies or your own custom policies.

Docker images

Use cnspec to scan Docker images in public or private container registries using their registry name:

cnspec scan docker ubuntu:latest
cnspec scan docker elastic/elasticsearch:7.2.0
cnspec scan docker gcr.io/google-containers/ubuntu:22.04
cnspec scan docker registry.access.redhat.com/ubi8/ubi

If the Docker agent is installed, you can scan images by their ID:

cnspec scan docker docker-image-id

Docker containers

Scan a running or stopped Docker container by the container ID:

cnspec scan docker docker-container-id
Note: You can only scan Docker containers if the Docker engine is installed.
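
The image-ID and container-ID scans above both depend on a local Docker installation, while registry scans do not. The following wrapper is an added example, not part of cnspec or the Mondoo documentation: it checks that Docker is reachable before scanning a local ID and reports per-target results. The function names and the hex-string heuristic for recognizing an ID are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check around `cnspec scan docker <target>`.
# Assumption (not from cnspec): a bare hex string of 12-64 characters,
# optionally prefixed with "sha256:", is a local image or container ID;
# every other target is treated as a registry reference.

# Returns 0 when the target looks like a local Docker ID.
needs_docker_engine() {
  id=${1#sha256:}
  case "$id" in
    "" | *[!0-9a-f]*) return 1 ;;  # empty, or has '/', ':', '.', non-hex letters
  esac
  [ "${#id}" -ge 12 ] && [ "${#id}" -le 64 ]
}

# Returns 0 when the docker CLI exists and the daemon answers.
docker_engine_available() {
  command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1
}

# Scans every target, prints one status line each, and returns the number
# of targets that were skipped or whose scan command exited non-zero
# (shell return codes wrap at 256, so keep target lists short).
scan_targets() {
  failed=0
  for target in "$@"; do
    if needs_docker_engine "$target" && ! docker_engine_available; then
      echo "SKIP $target: local ID, but Docker is not reachable"
      failed=$((failed + 1))
      continue
    fi
    if cnspec scan docker "$target"; then
      echo "OK   $target"
    else
      echo "FAIL $target: cnspec exited non-zero"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Usage after sourcing this file (targets here are constructed samples):
#   scan_targets ubuntu:latest 0123456789ab
```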