General usage
Provided Docker is installed on your machine, download the Meterian convenience script docker-scan.sh.
Make the script executable, then run a one-time analysis of any Docker image by invoking docker-scan.sh with the image name
(the target image must already be pulled on your machine):
$ ./docker-scan.sh redis:latest
Following this invocation the analysis kicks off and a link to the final results is displayed right at the end. Here is a sample:
Meterian Docker Scanner v1.1.3, build e9ca5c9-260
© 2017-2022 Meterian Ltd - All rights reserved
Account: "Meterian Team Account"
- Minimum scores:
- security: 90
- stability: 90
- licensing: 90
Project information:
- url: docker:redis
- branch: latest
- commit: 495732ba570db6a3626370a1fb949e98273a13d41eb3e26f7ecb1f6e31ad4041
Scanning image: redis:latest
Preparing 3 scanners to the task...
Scanning - completed 1 out of 3 scans...
Scanning - completed 2 out of 3 scans...
Scanning - completed 3 out of 3 scans...
Merging results from 3 scanners...
Image scan was successful!
Analysing packages on Meterian...
Analysing vulnerabilities on Meterian...
Analysis completed!
Final results:
- security: 0 (minimum: 95)
- stability: 97 (minimum: 95)
- licensing: 100 (minimum: 95)
Full report available at:
https://www.meterian.com/projects/?pid=77621462-b218-4295-b15c-830467f554ef&branch=latest
Build unsuccessful!
Failed checks: [security]
Analyses must be authenticated, so you need to provide a valid token through the environment variable METERIAN_API_TOKEN
to execute one.
The script essentially runs the official container scanner Docker image meterian/cs-engine:latest,
taking care of the essential volume mappings and environment variable presets for you.
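A pre-flight check and a parser for the output format shown above, as an added example that is not part of Meterian's script or documentation. The function names are hypothetical, and the parsing assumes the "Final results" layout of the sample.

```shell
#!/usr/bin/env bash
# Added example, not Meterian's code. Function names are hypothetical.

# Check the two prerequisites the page states before calling docker-scan.sh:
# a token in METERIAN_API_TOKEN and a target image that is already pulled.
preflight() {
  if [ -z "${METERIAN_API_TOKEN:-}" ]; then
    echo "METERIAN_API_TOKEN is not set" >&2
    return 2
  fi
  if ! docker image inspect "$1" >/dev/null 2>&1; then
    echo "image $1 is not available locally, pull it first" >&2
    return 3
  fi
}

# Read scanner output on stdin and print every check listed under
# "Final results:" whose score is below its minimum, one name per line.
failed_checks() {
  awk '
    /^Final results:/ { in_results = 1; next }
    in_results && /^- [a-z]+: [0-9]+ \(minimum: [0-9]+\)/ {
      name = $2; sub(/:$/, "", name)    # "security:" -> "security"
      min = $5;  sub(/\)$/, "", min)    # "95)" -> "95"
      if ($3 + 0 < min + 0) print name
      next
    }
    in_results { in_results = 0 }       # first other line ends the section
  '
}

# Print the line that follows "Full report available at:".
report_url() {
  awk '/^Full report available at:/ { if ((getline line) > 0) print line; exit }'
}

# Constructed sample input: the tail of the sample output shown on this page.
SAMPLE_LOG='Analysis completed!
Final results:
- security: 0 (minimum: 95)
- stability: 97 (minimum: 95)
- licensing: 100 (minimum: 95)
Full report available at:
https://www.meterian.com/projects/?pid=77621462-b218-4295-b15c-830467f554ef&branch=latest
Build unsuccessful!
Failed checks: [security]'

printf '%s\n' "$SAMPLE_LOG" | failed_checks
printf '%s\n' "$SAMPLE_LOG" | report_url
```

In a pipeline, capture the scanner output to a file and feed it to failed_checks, so the gate decision is recorded next to the report URL.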
Operational flags and overrides
The Meterian docker-scan script lets you choose between different levels of verbosity for the output shown above. Invoke the script with one of these flags:
--info
for additional information logs to be displayed
--debug
for complete debug logs to be displayed
Operational overrides are available through the following environment variables:
DSE_SCAN_TIMEOUT_MINUTES
Set this variable to override the time limit for single image scans. The default time limit is 10 minutes.
METERIAN_ENV
For on-premises instances of Meterian, set this variable to target the right subdomain of the site where your instance runs.
METERIAN_PROTO
For on-premises instances of Meterian, set this variable to target the right HTTP protocol of the site where your instance runs.
METERIAN_DOMAIN
For on-premises instances of Meterian, set this variable to target the right domain of the site where your instance runs.