
General usage


Last updated 2 years ago


Granted Docker is installed on your machine, download the Meterian convenience script docker-scan.sh.

Make the script executable, then run a one-time analysis of any Docker image by executing docker-scan.sh (the target image must already be pulled on your machine):

$ ./docker-scan.sh redis:latest

Following this invocation the analysis kicks off and a link to the final results is displayed right at the end. Here is a sample:

Meterian Docker Scanner v1.1.3, build e9ca5c9-260
© 2017-2022 Meterian Ltd - All rights reserved

Account: "Meterian Team Account"
- Minimum scores:  
  - security:  90
  - stability: 90
  - licensing: 90

Project information:
- url:    docker:redis
- branch: latest
- commit: 495732ba570db6a3626370a1fb949e98273a13d41eb3e26f7ecb1f6e31ad4041

Scanning image: redis:latest

Preparing 3 scanners to the task...
Scanning - completed 1 out of 3 scans...
Scanning - completed 2 out of 3 scans...
Scanning - completed 3 out of 3 scans...
Merging results from 3 scanners...
Image scan was successful!

Analysing packages on Meterian...
Analysing vulnerabilities on Meterian...
Analysis completed!

Final results: 
- security:	0	(minimum: 95)
- stability:	97	(minimum: 95)
- licensing:	100	(minimum: 95)

Full report available at: 
https://www.meterian.com/projects/?pid=77621462-b218-4295-b15c-830467f554ef&branch=latest

Build unsuccessful!
Failed checks: [security]

Through Docker, the script pulls the latest version of the container scanner image for you if it is not already present on your system. Subsequent invocations of the script do not refresh it, so newer versions of the image should be pulled with the docker pull command:

$ docker pull meterian/cs-engine:latest

Operational flags and overrides

The Meterian docker-scan script supports different levels of verbosity for the output shown above. Invoke the script with the flag:

  • --info for additional information logs to be displayed

  • --debug for complete debug logs to be displayed

Operational overrides are available through the environment variables

| Name | Description |
| --- | --- |
| DSE_SCAN_TIMEOUT_MINUTES | Set this variable to override the time limit for single image scans. The default time limit is 10 minutes |
| METERIAN_ENV | For on-premises instances of Meterian set this variable to target the right subdomain of the site where your instance runs |
| METERIAN_PROTO | For on-premises instances of Meterian set this variable to target the right HTTP protocol of the site where your instance runs |
| METERIAN_DOMAIN | For on-premises instances of Meterian set this variable to target the right domain of the site where your instance runs |

Analyses need to be authenticated, so to execute one you will need to provide a valid token through the environment variable METERIAN_API_TOKEN.

The script essentially runs the official container scanner Docker image meterian/cs-engine:latest, taking care of the essential volume mappings and environment variable presets for you.
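One way to wire the steps above into a pipeline gate, as an added example that is not Meterian's code: `preflight` checks the prerequisites listed on this page, and `scan_summary` reads the "Final results" and "Failed checks" lines of a log in the format of the sample above. The function names, the comma-separated form of a multi-entry "Failed checks" list, and treating a log without final results as a failure are assumptions.

```shell
#!/bin/sh
# Added example, not Meterian's code; function names are hypothetical.

# preflight IMAGE: check the prerequisites this page lists before scanning.
preflight() {
    [ -n "${METERIAN_API_TOKEN:-}" ] || { echo "METERIAN_API_TOKEN is not set" >&2; return 2; }
    command -v docker >/dev/null 2>&1 || { echo "docker is not installed" >&2; return 2; }
    docker image inspect "$1" >/dev/null 2>&1 || { echo "$1 is not pulled locally" >&2; return 2; }
}

# scan_summary: read a docker-scan.sh log on stdin; print "<check> <score> <minimum>
# <PASS|FAIL>" per check. Returns 0 = clean, 1 = failed checks, 2 = no final results.
scan_summary() {
    awk '
        /^Final results:/ { in_results = 1; next }
        in_results && /^- / {
            name = $2; sub(/:$/, "", name); min = $NF; sub(/\)$/, "", min)
            order[++n] = name; score[name] = $3; minimum[name] = min; next
        }
        { in_results = 0 }
        /^Failed checks:/ {   # assumption: several names are comma-separated in []
            lb = index($0, "["); list = substr($0, lb + 1, index($0, "]") - lb - 1)
            k = split(list, f, /, */)
            for (i = 1; i <= k; i++) { failed[f[i]] = 1; nfailed++ }
        }
        END {
            # A truncated or timed-out scan has no results and must not pass the gate.
            if (n == 0) { print "no final results in log" > "/dev/stderr"; exit 2 }
            for (i = 1; i <= n; i++) { c = order[i]
                print c, score[c], minimum[c], ((c in failed) ? "FAIL" : "PASS") }
            exit (nfailed > 0)
        }
    '
}

# Constructed sample: the tail of the output shown on this page.
sample_log() {
    cat <<'EOF'
Final results:
- security:  0  (minimum: 95)
- stability:  97  (minimum: 95)
- licensing:  100  (minimum: 95)

Build unsuccessful!
Failed checks: [security]
EOF
}

# In a pipeline step the gate status is that of the last command in the pipe:
#   preflight redis:latest && ./docker-scan.sh redis:latest | tee scan.log | scan_summary
```

The PASS/FAIL column follows the scanner's own "Failed checks" line rather than recomputing the comparison against the minimum.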
