By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
Scanning Docker images for vulnerabilities helps prevent security breaches by identifying potential weaknesses. Use a vulnerability scanner like Docker Scout, Trivy, or Snyk to scan images.
sudo apt-get install docker-scan
docker scan <image_name>
sudo apt-get install trivy
trivy image <image_name>
sudo apt-get install snyk
snyk test <image_name>
sudo apt-get purge docker-scan trivy snyk
Purpose: Scan the official Ubuntu image for vulnerabilities.Command: docker scan ubuntu Flags: -v for verbose output, -f for format output.Explanation: The -v flag shows detailed information about each vulnerability, while the -f flag formats the output for easier reading.
docker scan ubuntu
-v
-f
Purpose: Scan a private image for vulnerabilities.Command: docker scan my-private-image Flags: -v for verbose output, -f for format output.Explanation: The -v flag shows detailed information about each vulnerability, while the -f flag formats the output for easier reading.
docker scan my-private-image
Purpose: Scan multiple images for vulnerabilities.Command: docker scan ubuntu centos fedora Flags: -v for verbose output, -f for format output.Explanation: The -v flag shows detailed information about each vulnerability, while the -f flag formats the output for easier reading.
docker scan ubuntu centos fedora
Error message: Error: image not found Why it happens: The image does not exist locally.Fix: docker pull <image_name> to download the image.
Error: image not found
docker pull <image_name>
Error message: Error: scanner not installed Why it happens: The scanner is not installed.Fix: sudo apt-get install <scanner_name> to install the scanner.
Error: scanner not installed
sudo apt-get install <scanner_name>
Error message: Error: scanner not supported Why it happens: The scanner is not supported by the Docker version.Fix: docker version to check the Docker version and update it if necessary.
Error: scanner not supported
docker version
Situation: You want to check if an image is up-to-date.Command: docker scan <image_name> --latest Output: A report showing the latest version of the image and any vulnerabilities.
docker scan <image_name> --latest
Situation: You want to check if an image has any vulnerabilities.Command: docker scan <image_name> --vulnerable Output: A report showing any vulnerabilities in the image.
docker scan <image_name> --vulnerable
Situation: You want to check if an image is not vulnerable.Command: docker scan <image_name> --no-vulnerabilities Output: A report showing that the image has no vulnerabilities.
docker scan <image_name> --no-vulnerabilities
• Docker Scout: docker-scan <image_name> ? Verify with 'docker version' • Trivy: trivy image <image_name> • Snyk: snyk test <image_name> • Scanner flags: -v for verbose output, -f for format output • Image flags: --latest for latest version, --vulnerable for vulnerabilities, --no-vulnerabilities for no vulnerabilities • ⚠️ Always check the Docker version before running a scanner.• ⚠️ Always update the scanner to the latest version.
docker-scan <image_name>
--latest
--vulnerable
--no-vulnerabilities
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.