Prerequisites for adding a Dockerfile
To receive base image fix advice, including major, minor, and alternative upgrades, as well as advice when you need to rebuild your image, ensure you:
Have configured your preferred Git repository
Have imported the repository that contains the relevant Dockerfile.
You can add a single Dockerfile to each image that you have imported.
Add a Dockerfile
To add a Dockerfile for additional fix advice:
In the Projects tab, find your Project by using a filter and navigate to the Project page.
On the Project page, navigate to Settings.
On the Settings page, under Dockerfile, click Configure Dockerfile and select the relevant Git repository from the dropdown.
On the page listing the available repositories, select the relevant repository which contains your Dockerfile.
Under Path to your Dockerfile, add the relative path to your Dockerfile, in the following format: /path/dockerfile.
Click Update your Dockerfile.
Snyk scans the Project again and provides relevant base image fix advice. You can see the fix advice on the Project page, under Recommendations for upgrading the base image.
The following information is displayed: Current image, Minor upgrades, Major Upgrades, Alternative upgrades, the number of vulnerabilities for each, and a severity ranking.
Scan the base image from a Dockerfile
Snyk detects vulnerable base images by scanning your Dockerfile when you import a Git repository. This allows you to examine security issues before building the image and thus helps solve potential problems before they land in your registry or in production.
When scanning Dockerfiles, Snyk can provide vulnerability information and base image recommendations for supported base images.
After you integrate your Git repository with Snyk, any Dockerfiles in that repository are automatically identified and shown in the Web UI as Projects.
For details about detecting vulnerable base images in containers and fix recommendations, see Detect the container base image.