Trying out docker scan
This assumes you have already signed up at https://snyk.io
# docker scan --login
To authenticate your account, open the below URL in your browser.
After your authentication is complete, return to this prompt to start using Snyk.
Open the following URL in a browser to authenticate
https://snyk.io/login?token=TOKOROTEN&utm_medium=Partner&utm_source=Docker&utm_campaign=Docker-Desktop-2020&os=linux&docker=true
Once authentication succeeds, the following message is shown on the command line and you can run a scan
Your account has been authenticated. Snyk is now ready to be used.
# docker scan kujiranodanna/iot-house_docker:ubuntu20.04
A large number of messages is printed, as below; upgrading as instructed changes the results, but the count never reaches 0
From: exim4@4.93-13ubuntu1.5 > exim4/exim4-base@4.93-13ubuntu1.5 > systemd/systemd-sysv@245.4-4ubuntu3.13 > systemd@245.4-4ubuntu3.13 > apparmor/libapparmor1@2.13.3-7ubuntu5.1
…
✗ Medium severity vulnerability found in apache2/apache2-bin
Description: HTTP Request Smuggling
Info: https://snyk.io/vuln/SNYK-UBUNTU2004-APACHE2-1303376
…
Tested 494 dependencies for known issues, found 111 issues.
Base Image     Vulnerabilities  Severity
ubuntu:20.04   19               0 critical, 0 high, 3 medium, 16 low
Recommendations for base image upgrade:
Major upgrades
Base Image               Vulnerabilities  Severity
ubuntu:impish-20211015   13               0 critical, 0 high, 2 medium, 11 low
…
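Because the finding count does not drop to 0 even after the recommended upgrade, a useful next step is to decide which severities actually block a build. The script below is an added example, not part of the original post or of the docker scan / Snyk tooling: it counts the `✗ <Severity> severity vulnerability found in …` lines in saved `docker scan` text output and applies a policy (fail on any Critical or High finding, tolerate up to a given number of Medium findings). The policy, the `check_scan` and `count_severity` function names, and the sample scan output embedded below are all assumptions; the sample is constructed so the script runs offline, with only the apache2 finding taken from the page.

```shell
#!/bin/sh
# Added example (not from the original post). In a pipeline you would save the real
# output with `docker scan <image> > scan.txt` and pass scan.txt to check_scan.

# Count findings of one severity (Critical, High, Medium or Low) in scan output read
# from stdin. Finding lines look like:
#   ✗ Medium severity vulnerability found in apache2/apache2-bin
# grep -c prints 0 and exits 1 when nothing matches, so the `|| true` keeps the
# function's exit status clean while the count is still printed.
count_severity() {
    grep -cF -- " $1 severity vulnerability found in " || true
}

# Gate an image: exit 0 if the saved scan output meets the policy, 1 otherwise.
# Policy (assumption for this example): no Critical or High findings, and at most
# $2 Medium findings (default 0). Low findings are reported but never block.
check_scan() {
    file="$1"
    max_medium="${2:-0}"
    critical=$(count_severity Critical < "$file")
    high=$(count_severity High < "$file")
    medium=$(count_severity Medium < "$file")
    low=$(count_severity Low < "$file")
    echo "critical=$critical high=$high medium=$medium low=$low (max medium allowed: $max_medium)"
    [ "$critical" -eq 0 ] && [ "$high" -eq 0 ] && [ "$medium" -le "$max_medium" ]
}

# CONSTRUCTED sample of docker scan text output (not a real scan result): one Low,
# two Medium and one High finding. Only the apache2 entry comes from the original post.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Testing kujiranodanna/iot-house_docker:ubuntu20.04...

✗ Low severity vulnerability found in bash
  Description: constructed sample finding
  Info: https://snyk.io/vuln/SNYK-UBUNTU2004-PLACEHOLDER-1
✗ Medium severity vulnerability found in apache2/apache2-bin
  Description: HTTP Request Smuggling
  Info: https://snyk.io/vuln/SNYK-UBUNTU2004-APACHE2-1303376
✗ Medium severity vulnerability found in systemd
  Description: constructed sample finding
  Info: https://snyk.io/vuln/SNYK-UBUNTU2004-PLACEHOLDER-2
✗ High severity vulnerability found in exim4/exim4-base
  Description: constructed sample finding
  Info: https://snyk.io/vuln/SNYK-UBUNTU2004-PLACEHOLDER-3

Tested 494 dependencies for known issues, found 4 issues.
EOF

# Stand-alone demonstration: the sample carries a High finding, so the gate fails.
if check_scan "$SAMPLE" 3; then
    echo "PASS: image meets the policy"
else
    echo "FAIL: image violates the policy"
fi
```

Run it as `sh check_scan.sh`; in CI you would replace the embedded sample with the saved output of the real scan and let the script's exit status decide whether the image is pushed. Matching on the plain text is fragile if the tool changes its wording, so for a long-lived gate prefer `docker scan --json` and a JSON parser over the same severity fields.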