Detect vulnerable base images from Dockerfile

Snyk detects vulnerable base images by scanning your Dockerfile when importing a Git repository. This allows you to examine security issues before building the image and thus helps solve potential problems before they land in your registry or in production.

When scanning Dockerfiles, Snyk can provide vulnerability information and base image recommendations for supported base images from this list.
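To show what a Dockerfile exposes to a scan before any image is built, here is an added example. It is not Snyk's code and does not describe how Snyk parses Dockerfiles. It resolves the base image of every build stage, substituting global `ARG` defaults and following stage aliases. The function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not taken from the Snyk documentation).
SAMPLE_DOCKERFILE = """\
# syntax=docker/dockerfile:1
ARG NODE_TAG=18-bullseye
FROM --platform=linux/amd64 node:${NODE_TAG} AS build
WORKDIR /app
COPY . .
RUN npm ci && npm run build

FROM build AS test
RUN npm test

FROM nginx:1.25-alpine
COPY --from=build /app/dist /usr/share/nginx/html
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
ARG_RE = re.compile(r"^\s*ARG\s+([A-Za-z_]\w*)(?:=(\S+))?\s*$", re.I)
VAR_RE = re.compile(r"\$\{(\w+)\}|\$(\w+)")


def base_images(dockerfile_text):
    """Return one dict per build stage: image as written, alias, registry root."""
    global_args, roots, stages = {}, {}, []
    for line in dockerfile_text.splitlines():
        arg = ARG_RE.match(line)
        if arg and not stages:  # only ARGs before the first FROM apply to FROM lines
            global_args[arg.group(1)] = (arg.group(2) or "").strip("\"'")
            continue
        frm = FROM_RE.match(line)
        if not frm:
            continue
        ref = VAR_RE.sub(lambda m: global_args.get(m.group(1) or m.group(2), ""),
                         frm.group(1))
        alias = frm.group(2)
        # A stage built on an earlier alias inherits that stage's registry image.
        root = roots.get(ref.lower(), ref)
        stages.append({"image": ref, "alias": alias, "root": root})
        if alias:
            roots[alias.lower()] = root
    return stages


def final_base_image(dockerfile_text):
    """Registry image underneath the last stage, i.e. the one that ships."""
    stages = base_images(dockerfile_text)
    return stages[-1]["root"] if stages else None
```

In a multi-stage build, the last stage's root image is the one whose vulnerabilities reach the registry. Earlier stages matter only for what is copied out of them.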

After you integrate your Git repository with Snyk, any Dockerfiles in that repository are automatically picked up and shown in the Web UI as Projects.

Dockerfiles in Projects list

Linking from a Dockerfile to its container images

You can also link from a Dockerfile to all container images built from it. Use this linking to understand the security impact on your running applications, and to see which images can be better secured or need to be rebuilt when you update the Dockerfile base image.

Dockerfile Project showing linked images

See Base image detection for more details about detecting vulnerable base images and fix recommendations.
