Detect vulnerable base images from your Dockerfile

Prerequisites for adding a Dockerfile

To receive base image fix advice, including major, minor, and alternative upgrades, as well as advice when you need to rebuild your image, ensure you:

• Have configured your preferred Git repository

• Have imported the repository that contains the relevant Dockerfile.

Add a Dockerfile

To add a Dockerfile for additional fix advice:

1. In the Projects tab, find your Project by using a filter and navigate to the Project page.

2. On the Project page, navigate to Settings.

3. On the Settings page, under Dockerfile, click Configure Dockerfile and select the relevant Git repository from the dropdown.

4. On the page listing the available repositories, select the relevant repository which contains your Dockerfile.

5. Under Path to your Dockerfile, add the relative path to your Dockerfile, in the following format: /path/dockerfile.

6. Click Update your Dockerfile.

Snyk scans the Project again and provides relevant base image fix advice. You can see the fix advice on the Project page, under Recommendations for upgrading the base image.

The following information is displayed: Current image, Minor upgrades, Major Upgrades, Alternative upgrades, the number of vulnerabilities for each, and a severity ranking.

Scan the base image from a Dockerfile

Snyk detects vulnerable base images by scanning your Dockerfile when you import a Git repository. This allows you to examine security issues before building the image and thus helps solve potential problems before they land in your registry or in production.

After you integrate your Git repository with Snyk, any Dockerfiles in that repository are automatically identified and shown in the Web UI as Projects.

For details about detecting vulnerable base images in containers and fix recommendations, see Detect the container base image.