Security Scans
Aptible can perform Security Scans of your Docker images using Clair.
What is Scanned?
Security Scans look for vulnerable OS packages installed in your Docker images on supported Linux distributions:
- Debian / Ubuntu: Security Scans scan for packages installed using dpkg or its apt-get frontend.
- CentOS / Red Hat: Security Scans scan for packages installed using rpm or its frontends yum and dnf.
- Alpine Linux: Security Scans scan for packages installed using apk.
In particular, Security Scans do not scan for:
- Packages installed from source (e.g. using make && make install).
- Packages installed using language-level package managers such as bundler, npm, pip, yarn, composer, etc. (third-party vulnerability analysis providers support those, and you can incorporate them in e.g. a CI process).
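The coverage boundary described above, as an added example (not Aptible's or Clair's code): a POSIX shell script that checks an image root filesystem for the OS package databases the scan reads (dpkg, rpm, apk) and lists language-level manifests such as Gemfile.lock that an OS-package scan will not cover, so a team knows where a separate scanner is needed. It builds a small constructed sample rootfs so it runs offline; the database paths and manifest file names are conventional ones assumed here, not taken from the page.

```shell
#!/bin/sh
# Added example: classify what an OS-package scanner such as Clair can see in
# an image filesystem versus what it cannot. Paths below are conventional
# locations for the dpkg, rpm and apk databases (assumed, not from the page).

# Report which OS package database is present under root $1.
# Prints one of: dpkg, rpm, apk, none
os_pkg_db() {
  root="$1"
  if [ -f "$root/var/lib/dpkg/status" ]; then echo dpkg
  elif [ -d "$root/var/lib/rpm" ] || [ -d "$root/usr/lib/sysimage/rpm" ]; then echo rpm
  elif [ -f "$root/lib/apk/db/installed" ]; then echo apk
  else echo none
  fi
}

# Count packages recorded in a dpkg status file (one "Package:" line per stanza).
dpkg_count() { grep -c '^Package:' "$1/var/lib/dpkg/status" 2>/dev/null || true; }

# List language-level manifests/lockfiles under root $1; an OS-package scan
# will not cover the dependencies they describe.
uncovered_manifests() {
  find "$1" -type f \( -name package.json -o -name yarn.lock -o -name Gemfile.lock \
    -o -name requirements.txt -o -name composer.lock \) 2>/dev/null \
    | sed "s#^$1##" | sort
}

# Build a constructed sample rootfs (Debian-style dpkg db plus app manifests)
# so the script runs offline.
make_sample_rootfs() {
  root=$(mktemp -d)
  mkdir -p "$root/var/lib/dpkg" "$root/app"
  printf 'Package: libssl3\nVersion: 3.0.2\n\nPackage: curl\nVersion: 7.81.0\n\n' \
    > "$root/var/lib/dpkg/status"
  printf '{"name":"app","dependencies":{"express":"4.18.0"}}\n' > "$root/app/package.json"
  printf 'GEM\n  specs:\n    rails (7.0.0)\n' > "$root/app/Gemfile.lock"
  echo "$root"
}

ROOT=$(make_sample_rootfs)
echo "OS package database: $(os_pkg_db "$ROOT") ($(dpkg_count "$ROOT") packages, covered by the scan)"
echo "Not covered by an OS-package scan (needs a language-level scanner):"
uncovered_manifests "$ROOT"
rm -rf "$ROOT"
```

Run it against a real image by exporting the container filesystem (for example with docker export) and pointing the functions at that directory instead of the sample.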
Accessing Scans
Scans are run when you visit the Security Scans tab within an App or when you click the “Re-run report” button. Scans are available via the Aptible Dashboard: navigate to the Security Scans tab on an App and review the list of vulnerabilities.