Chris Hines

Webinar Q&A: Scanning Images and Ensuring Secure Content with Docker Security Scanning

A few weeks back we released Docker Security Scanning. The tool formerly known as Nautilus provides binary scanning of images on a layer-by-layer basis. It then provides teams with the actionable intelligence they need in order to ensure they are leveraging secure base images as they build their applications, helping to secure the application delivery pipeline. The feature is available today as a free preview within Docker Cloud.



We hosted a webinar recently on Docker Security Scanning that gave an overview of the tool and showed a live demo of how the new Docker Cloud feature works. Watch the webinar replay below.


Here are some of the most commonly asked questions with answers from the webinar:


Q: How does the scan work exactly? What exactly is being scanned?

A: Docker Security Scanning performs a preparatory step before scanning the bits inside the image. First it works out all the layers and the packages contained in each layer. The service then scans the binaries inside those packages and computes signatures of the binaries (binary fingerprints) in the image, comparing them to known components and the vulnerabilities attached to them. Security Scanning therefore checks not only the name and version of a package but also ensures that the bits inside the package are what they claim to be.
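To make the difference between a metadata check and a binary-fingerprint check concrete, here is an added example in Python. It is not Docker's code and not how the service itself is implemented: a toy scanner that flattens constructed tar layers in order, hashes every file, and looks each hash up in a constructed fingerprint table, next to a metadata-only lookup of the declared package versions. The layer format, the package database path `var/lib/pkg/status.json`, the `libfoo` package, every byte string and every "vulnerable" flag are assumptions invented for illustration, not real components or advisories.

```python
"""Toy layer-by-layer fingerprint scanner (added example, not Docker's code).

Assumed here, not taken from the page: a layer is a tar archive; a layer may
carry a JSON package database at var/lib/pkg/status.json with entries
{name, version, files}; a fingerprint table maps the SHA-256 of a binary to
the build it really is. All binaries, packages and flags below are constructed.
"""
import hashlib
import io
import json
import tarfile

MANIFEST_PATH = "var/lib/pkg/status.json"

# Constructed stand-ins for real binaries; only their hashes matter here.
LIBFOO_1_0 = b"\x7fELF libfoo build 1.0 (constructed bytes)"
LIBFOO_1_1 = b"\x7fELF libfoo build 1.1 (constructed bytes)"
UNKNOWN_BIN = b"\x7fELF a binary nobody has fingerprinted (constructed)"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Fingerprint table: hash of the bits -> what they really are (constructed).
KNOWN_COMPONENTS = {
    sha256(LIBFOO_1_0): {"name": "libfoo", "version": "1.0", "vulnerable": True},
    sha256(LIBFOO_1_1): {"name": "libfoo", "version": "1.1", "vulnerable": False},
}
# Metadata-only view: declared (name, version) pairs with a known issue (constructed).
VULNERABLE_VERSIONS = {("libfoo", "1.0")}


def build_layer(files: dict) -> bytes:
    """Pack {path: bytes} into an in-memory tar, the way an image layer is stored."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def flatten_layers(layers) -> dict:
    """Apply layers in order; a later layer's file replaces an earlier one.
    Returns path -> (index of the layer that supplied the bytes, bytes)."""
    fs = {}
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
            for member in tar.getmembers():
                if member.isfile():
                    fs[member.name] = (idx, tar.extractfile(member).read())
    return fs


def scan_image(layers) -> list:
    """One finding per file: what the package database claims it is, what its
    fingerprint says it is, and whether the two agree."""
    fs = flatten_layers(layers)
    declared = {}
    if MANIFEST_PATH in fs:  # the most recent package database wins
        for pkg in json.loads(fs[MANIFEST_PATH][1]):
            declared[pkg["name"]] = pkg
    findings = []
    for path, (layer_idx, data) in sorted(fs.items()):
        if path == MANIFEST_PATH:
            continue
        owner = next((p for p in declared.values() if path in p["files"]), None)
        claim = (owner["name"], owner["version"]) if owner else None
        match = KNOWN_COMPONENTS.get(sha256(data))
        actual = (match["name"], match["version"]) if match else None
        if match is None:
            status = "unknown-binary"  # no fingerprint on file: cannot vouch for it
        elif match["vulnerable"]:
            status = "vulnerable"      # decided by the bits, not by the claim
        else:
            status = "clean"
        findings.append({
            "path": path, "layer": layer_idx, "declared": claim,
            "metadata_vulnerable": claim in VULNERABLE_VERSIONS,
            "fingerprint": actual, "status": status,
            "mismatch": claim != actual,  # package says one thing, bits say another
        })
    return findings


# Constructed image: the base layer ships libfoo 1.0; a later layer rewrites the
# package database to say 1.1 without replacing the library (a botched upgrade)
# and adds an unfingerprinted binary; a third layer performs the real upgrade.
BASE_LAYER = build_layer({
    "usr/lib/libfoo.so": LIBFOO_1_0,
    MANIFEST_PATH: json.dumps([{"name": "libfoo", "version": "1.0",
                                "files": ["usr/lib/libfoo.so"]}]).encode(),
})
BOTCHED_UPGRADE_LAYER = build_layer({
    MANIFEST_PATH: json.dumps([{"name": "libfoo", "version": "1.1",
                                "files": ["usr/lib/libfoo.so"]}]).encode(),
    "usr/bin/mystery": UNKNOWN_BIN,
})
REAL_UPGRADE_LAYER = build_layer({"usr/lib/libfoo.so": LIBFOO_1_1})

BAD_IMAGE = [BASE_LAYER, BOTCHED_UPGRADE_LAYER]
FIXED_IMAGE = [BASE_LAYER, BOTCHED_UPGRADE_LAYER, REAL_UPGRADE_LAYER]

if __name__ == "__main__":
    for name, image in (("bad", BAD_IMAGE), ("fixed", FIXED_IMAGE)):
        print(f"== {name} image ==")
        for f in scan_image(image):
            print(f"layer {f['layer']} {f['path']}: declared={f['declared']} "
                  f"fingerprint={f['fingerprint']} status={f['status']}")
```

In the "bad" image a metadata-only check passes, because the package database claims libfoo 1.1, while the fingerprint of `usr/lib/libfoo.so` still identifies the 1.0 build supplied by layer 0; the report attributes the finding to that layer. The unfingerprinted binary is reported as unknown rather than silently treated as clean.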


Q: Is output data only available in Docker Cloud? Or Docker Hub as well?

A: Currently, during the free preview period, the results of private repo scans are available to view within Docker Cloud. In the future, private repo scan results will be made available in Docker Hub as well. For Official Repos, the results are publicly available to view in Docker Hub.


Q: When will this be available for official images?

A: Docker Security Scanning has been available as a tool for Official Repo maintainers since November 2015. As of the May 10th release, the results of the Official Repo image scans are available publicly. To view the results, you will need to be logged in to Docker Hub.

Q: What vulnerability databases are used for the lookup?

A: Docker Security Scanning checks against all of the major CVE databases, including MITRE, NVD and others.


Q: Will this be made available on-premises?

A: Yes. We understand that the ability to scan and understand the security profile of images is important for all Docker users. We are currently in the process of making this available to Docker Datacenter customers for on-premises or VPC deployment. In the meantime, users can trial the experience in Docker Cloud.

See what Docker Security Scanning customers have to say about their experience!


“After using Docker Security Scanning to inspect our private repo, it became clear to us that the best course of action would be to migrate to a new base image. By using this tool, we can be assured that we are building a secure environment for all of our business-critical Dockerized applications.”

– Ami Goldenberg, Co-Founder and CTO at FairFly


“The output data that we received from Docker Security Scanning proved to be very valuable to us. This tool is very effective for reviewing our components and for building a security profile for the images within our scanned private repos. The process is seamless. Our images are scanned from our private repository, hosted within Docker Hub, without having to make any changes to our existing process. Since the tool operates on a binary level, we can trust that all the installed components are scanned.”


– Valentin Chartier, Senior Manager of Cloud Services at HomeByMe-3DVIA, a Dassault Systemes (3DS) company

“The data provided by Docker Security Scanning allows us to focus on the security of the software we write. It gives us the reassurance we need to know that all the underlying container images have been scanned and are safe to use in an enterprise environment.”


– Matthew Rea, Senior Manager of Engineering at Harbortouch


For more information on Docker Cloud, see the Docker Cloud datasheet.
