Skip to main content

Docker

Use Mondoo to scan Docker images and containers for security misconfigurations, CVEs, and end of life operating systems using the built in Mondoo security polices or your own custom policies.

Docker Image Scan

Docker images

Use Mondoo to scan Docker images in public or private container registries using their registry name:

Command Line
mondoo scan docker ubuntu:latest
mondoo scan docker elastic/elasticsearch:7.2.0
mondoo scan docker gcr.io/google-containers/ubuntu:22.04
mondoo scan docker registry.access.redhat.com/ubi8/ubi

If the Docker agent is installed, you can scan images by their id:

Command Line
mondoo scan docker docker-image-id

Docker containers

Scan a running or stopped Docker container by the container ID:

Command Line
mondoo scan docker docker-container-id

Note: Docker container can only be scanned if the Docker engine is installed