This project scans containers for open source vulnerabilities at different phases of the container lifecycle. Containerised applications are now the norm in organizations, and the security of deployed containers must be ensured before they are released into production. Our software scans Python code for vulnerabilities through static code analysis with Pylint, and scans for vulnerabilities during the build and running phases using Aquasec and Anchore Inline respectively.
- Add the following lines to the Dockerfile that you want to scan:

  ```
  ADD https://get.aquasec.com/microscanner .
  RUN chmod +x microscanner
  RUN ./microscanner ZmJiNGE2YmEwNDU5
  ```
- Run `python3 scanner.py -f pythonfilepath -d dockerfiledirectoryname`. For example, you can run the command below directly:

  ```
  $ python3 scanner.py -f master/app.py -d master
  ```
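
The Dockerfile step above can be applied to a scan-only copy of the Dockerfile instead of editing it by hand. The helper below is an added example, not part of this project's code: `add_scan_steps`, `SAMPLE` and the token `EXAMPLETOKEN123` are constructed for illustration, and placing the steps before the final stage's first `CMD`/`ENTRYPOINT` is an assumption about where the scan should run.

```python
import re

# The three instructions from the step above; the token is filled in per run.
SCAN_STEPS = (
    "ADD https://get.aquasec.com/microscanner .",
    "RUN chmod +x microscanner",
    "RUN ./microscanner {token}",
)
_INSTR = re.compile(r"^\s*([A-Za-z]+)\b")

# Constructed two-stage Dockerfile used as sample input.
SAMPLE = """FROM python:3.9 AS build
RUN pip install --target /deps flask
FROM python:3.9-slim
COPY --from=build /deps /deps
RUN apt-get update && \\
    apt-get install -y curl
CMD ["python3", "app.py"]
"""


def add_scan_steps(dockerfile: str, token: str) -> str:
    """Insert the scan steps before the final stage's first CMD/ENTRYPOINT."""
    if not re.fullmatch(r"[A-Za-z0-9+/=_-]+", token):
        raise ValueError("token has characters that are unsafe in a RUN line")
    lines = dockerfile.splitlines()
    if any("get.aquasec.com/microscanner" in ln for ln in lines):
        return dockerfile  # already instrumented, leave untouched
    seen_from, insert_at, continued = False, len(lines), False
    for i, ln in enumerate(lines):
        if ln.lstrip().startswith("#"):
            continue  # a comment does not end a backslash-continued instruction
        m = None if continued else _INSTR.match(ln)
        continued = ln.rstrip().endswith("\\")
        if not m:
            continue
        name = m.group(1).upper()
        if name == "FROM":  # new stage: forget positions from earlier stages
            seen_from, insert_at = True, len(lines)
        elif name in ("CMD", "ENTRYPOINT") and insert_at == len(lines):
            insert_at = i
    if not seen_from:
        raise ValueError("no FROM instruction found")
    steps = [s.format(token=token) for s in SCAN_STEPS]
    return "\n".join(lines[:insert_at] + steps + lines[insert_at:]) + "\n"


if __name__ == "__main__":
    print(add_scan_steps(SAMPLE, "EXAMPLETOKEN123"))
```

Writing the result to a separate file used only for the scan keeps the token out of the Dockerfile that is committed alongside the application.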