Scan an Image for Vulnerabilities and Configuration Flaws with Trivy

Beginner Guided Project

Deploying container images with security vulnerabilities opens you and your company to serious danger. An image with known vulnerabilities can destroy your reputation, open your company up to legal challenges, and cause you to lose your job. Fortunately, scanning container images can be easy, inexpensive, and even free. In this project, you will use Trivy, an open-source tool, to scan a container configuration file and a container image.

4.8 (23 Reviews)

Language

  • English

Topic

  • Cloud Development

Enrollment Count

  • 128

Offered By

  • IBM

Estimated Effort

  • 1 hour

Platform

  • SkillsNetwork

Last Update

  • April 29, 2024

About This Guided Project

About

In this project, you will put container image vulnerability scanning into practice. You'll be using Trivy, an open-source container security tool that can scan both a container configuration file (Dockerfile) and a container image. In a project scenario, Trivy could be provided to developers on their workstations to allow scanning and feedback during coding, and it could also be integrated into an automated CI/CD pipeline for formal build validation. Other open-source and commercial container image scanning tools are also available.

This tutorial shows you how to create an image and scan it to highlight any vulnerabilities and configuration flaws. Using this information, you can reduce and remove vulnerabilities and flaws where possible.


A Look at the Project Ahead

By working through this project, you will learn how to:
  • Select an optimal parent image needed to create a container image, by
    • Using up-to-date parent images to reduce vulnerability count
    • Using slim/minimal images to reduce unnecessary components
  • Check the configuration for any security weaknesses
  • Ensure your Docker container is aligned with the best security practices


What You’ll Need

This course is for complete beginners, so all you need is a web browser and a willingness to learn! Everything else will be provided to you through the IBM Skills Network Labs environment, where you will have access to the Cloud IDE and a Docker installation.
This platform works best with current versions of Chrome, Edge, Firefox, Internet Explorer or Safari.


Your Instructors

Michelle Saltoun, IBM