Open a terminal at the docker-goof directory.
-
Build the image
docker build -t docker-goof . -
Test the image
snyk test --docker docker-goof --file=Dockerfile
All-in-one to clone and run:
git clone git@github.com:snyk/docker-goof && \
cd docker-goof && \
docker build -t docker-goof . && \
snyk test --docker docker-goof --file=DockerfileTo build all images:
./build.shTo test all images:
./test.shAll of these screenshots demonstrate the extra value provided when a
Dockerfile is supplied via the CLI --file argument.
For example:
snyk test --docker docker-goof --file=DockerfileThis screenshot shows alternative images that may be used in the Dockerfile's
FROM line to reduce vulnerabilities. Minor upgrades are the most likely to
be compatible, Major are potentially breaking depending on how the image is
used, and Alternative architecture images are given for more technical users
to investigate.
This screenshot shows an image with a vulnerability introduced by the base
image (the FROM line in a Dockerfile) with the "Introduced by your base
image ..." line
This screenshot shows a binary vulnerability; something not managed by the package manager of the operating system inside the container.
This screenshot shows an image introduced by a user in their Dockerfile and highlights the exact command that introduced the vulnerability, with the "Introduced in your Dockerfile by ..." line
