Aptible Deploy can perform Security Scans of your Docker images using Clair.
Security Scans look for vulnerable OS packages installed in your Docker images on supported Linux distributions:
- Debian / Ubuntu: Security Scans scan for packages installed using
- CentOS / Red Hat: Security Scans scan for packages installed using
rpmor its frontends
- Alpine Linux: Security Scans scan for packages installed using
In particular Security Scans do not scan for:
- Packages installed from source (e.g. using
make && make install).
- Packages installed language-level package managers such as
composeretc. (third-party vulnerability analysis providers support those, and you can incorporate them in e.g. a CI process).
Scans are available via the Aptible Dashboard: navigate to the Security Scans tab on an App and review the list of vulnerabilities.
Updated 6 months ago