Detect vulnerable base images from Dockerfile
Snyk detects vulnerable base images by scanning your Dockerfile when importing a Git repository. This allows you to examine security issues before building the image, so helps solve potential problems before they land in your registry or in production.
When scanning Dockerfiles, Snyk can provide vulnerability information and base image recommendations for supported base images from this list.
After you integrate your Git repository to Snyk, any Dockerfiles in it are automatically picked up and surfaced in the web UI as projects.
You can also link from a Dockerfile to all container images built from it. This linking can be used to understand the security impact on your running applications, and understand which images can be better secured or need to be rebuilt when you are taking action and updating the Dockerfile base image.
See Base image detection for more details about detecting vulnerable base images and fix recommendations