Scanning Docker images with Debricked

  • 15 May 2023
  • 1 reply
  • 149 views

Hi all,

 

I have been using Debricked for my pet projects for a while now and have been liking it a lot. However, I also have a few custom Docker images which I wanted to scan using Debricked. While there doesn’t seem to any official Docker image support (yet?), I figured that I could try to generate a CycloneDX report using Docker’s SBOM plugin (https://github.com/docker/sbom-cli-plugin) and then import that.

 

Said and done, I ran the plugin with flags --format cyclonedx-json --output imagename.sbom.json, the CLI automatically picked up the CycloneDX reports and after a few seconds I got both license and vulnerabilities back!

 

TLDR: To scan Docker images with Debricked, you need to do the following:

 

  1. Install and run the Docker SBOM CLI plugin, https://github.com/docker/sbom-cli-plugin, in order to generate a CycloneDX report. Make sure to change the format to CycloneDX, e.g.:
    docker sbom username/imagename:latest --format cyclonedx-json --output imagename.sbom.json
  2. Run Debricked CLI, https://github.com/debricked/cli,  and it will automatically pick up the CycloneDX report files.
  3. Profit! See results in pipeline and Debricked UI.

1 reply

Userlevel 4

@sweoggy thanks so much for sharing your tips with the community!

Reply