Scanning Docker images with Debricked

  • 15 May 2023
  • 1 reply

Hi all,


I have been using Debricked for my pet projects for a while now and have been liking it a lot. However, I also have a few custom Docker images which I wanted to scan using Debricked. While there doesn’t seem to be any official Docker image support (yet?), I figured that I could try to generate a CycloneDX report using Docker’s SBOM plugin and then import that.


Said and done, I ran the plugin with flags --format cyclonedx-json --output imagename.sbom.json, the CLI automatically picked up the CycloneDX reports and after a few seconds I got both license and vulnerabilities back!


TLDR: To scan Docker images with Debricked, you need to do the following:


  1. Install and run the Docker SBOM CLI plugin in order to generate a CycloneDX report. Make sure to change the format to CycloneDX, e.g.:
    docker sbom username/imagename:latest --format cyclonedx-json --output imagename.sbom.json
  2. Run Debricked CLI, and it will automatically pick up the CycloneDX report files.
  3. Profit! See results in pipeline and Debricked UI.
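
A pre-check for the file produced in step 1, added here as an example and not part of the original post or of Debricked's tooling: it confirms that the docker sbom output really is CycloneDX JSON and lists components that carry no version or purl. The sample SBOM is constructed and check_sbom is a hypothetical helper name; treating a missing version or purl as a warning is this example's assumption, not documented Debricked behaviour.

```python
import json
import sys

# Constructed sample: a trimmed CycloneDX JSON document of the kind
# `docker sbom --format cyclonedx-json` writes (all values are made up).
SAMPLE_SBOM = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "openssl", "version": "3.0.8",
     "purl": "pkg:apk/alpine/openssl@3.0.8"},
    {"type": "library", "name": "busybox", "version": "1.36.0"},
    {"type": "library", "name": "custom-agent"}
  ]
}
"""

def check_sbom(text):
    """Return (problems, stats) for the contents of one SBOM file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Typical when the report was not written as cyclonedx-json.
        return [f"not JSON: {exc.msg}"], {}
    if not isinstance(doc, dict) or doc.get("bomFormat") != "CycloneDX":
        return ["bomFormat is not 'CycloneDX'"], {}
    components = doc.get("components") or []
    problems = []
    if not components:
        problems.append("no components listed")
    for comp in components:
        name = comp.get("name", "<unnamed>")
        if not comp.get("version"):
            problems.append(f"{name}: no version")
        if not comp.get("purl"):
            problems.append(f"{name}: no purl")
    stats = {"spec": doc.get("specVersion"), "components": len(components)}
    return problems, stats

if __name__ == "__main__":
    # Usage: python check_sbom.py imagename.sbom.json (no argument: sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SBOM
    problems, stats = check_sbom(text)
    print(stats, *problems, sep="\nWARN ")
    sys.exit(0 if stats else 1)  # non-zero only when the file is not CycloneDX JSON
```

Run it between steps 1 and 2; a non-zero exit means the file is not a CycloneDX JSON report.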

1 reply

@sweoggy thanks so much for sharing your tips with the community!