Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/snyk-labs/docker-goof

A demo repo showcasing Snyk's Docker offering
https://github.com/snyk-labs/docker-goof

Last synced: about 2 months ago
JSON representation

A demo repo showcasing Snyk's Docker offering

Host: GitHub
URL: https://github.com/snyk-labs/docker-goof
Owner: snyk-labs
Created: 2019-02-06T16:19:17.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2022-10-11T16:46:43.000Z (almost 2 years ago)
Last Synced: 2024-06-14T12:49:03.393Z (3 months ago)
Language: Shell
Homepage:
Size: 1.56 MB
Stars: 25
Watchers: 59
Forks: 503
Open Issues: 92
Metadata Files:
- Readme: README.md
- Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

# Docker Goof

Open a terminal at the `docker-goof` directory.

1. Build the image

```console
docker build -t docker-goof .
```

2. Test the image

```console
snyk test --docker docker-goof --file=Dockerfile
```

All-in-one to clone and run:

```console
git clone [email protected]:snyk/docker-goof && \
cd docker-goof && \
docker build -t docker-goof . && \
snyk test --docker docker-goof --file=Dockerfile
```

## Utility scripts

To build all images:

```console
./build.sh
```

To test all images:

```console
./test.sh
```

## Screenshots

All of these screenshots demonstrate the extra value provided when a
Dockerfile is supplied via the CLI `--file` argument.

For example:

```console
snyk test --docker docker-goof --file=Dockerfile
```

### Base Image Remediation

This screenshot shows alternative images that may be used in the Dockerfile's
`FROM` line to reduce vulnerabilities. Minor upgrades are the most likely to
be compatible, Major are potentially breaking depending on how the image is
used, and Alternative architecture images are given for more technical users
to investigate.

![Base Image Remediation Screenshot](screenshots/base_image_remediation.png "Base Image Remediation")

### Base Image Vulnerability

This screenshot shows an image with a vulnerability introduced by the base
image (the `FROM` line in a Dockerfile) with the "Introduced by your base
image ..." line

![Base Image Vulnerability Screenshot](screenshots/base_image_vulnerability.png "Base Image Vulnerability")

### Binary Vulnerability

This screenshot shows a binary vulnerability; something not managed by the
package manager of the operating system inside the container.

![Binary Vulnerability Screenshot](screenshots/binary_vulnerability.png "Binary Vulnerability")

### User-introduced / Dockerfile Vulnerability

This screenshot shows an image introduced by a user in their Dockerfile and
highlights the exact command that introduced the vulnerability, with the
"Introduced in your Dockerfile by ..." line

![User-introduced / Dockerfile vulnerability screenshot](screenshots/user_introduced_vulnerability.png "User-introduced / Dockerfile Vulnerability")