Skip to content

Instantly share code, notes, and snippets.

@rajiteh

rajiteh/Dockerfile

Last active January 9, 2022 08:05
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rajiteh/f4cfe8780f82e4255ca3c7952db8ffca to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rajiteh/f4cfe8780f82e4255ca3c7952db8ffca to your computer and use it in GitHub Desktop.
Download ZIP
scan the running images in your local docker socket for vulnerabilities using trivy (log4j / log4shell)
Raw
README.md

Build: docker build -t scanner .

Run: docker run -it --rm -v $(HOME)/.cache/:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock scanner /scan.sh

Raw
Dockerfile
FROM aquasec/trivy
RUN apk add --no-cache docker-cli
ADD scan.sh /scan.sh
ENTRYPOINT ["sh"]
Raw
scan.sh
#!/bin/sh
for cid in $(docker ps -q); do
image=$(docker inspect --format='{{.Config.Image}}' ${cid})
if echo ${image} | grep -q '/'; then
echo "-------- Scanning ${image}"
trivy -q image -s CRITICAL ${image}
fi
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment