A script to automate Docker image vulnerability scanning with the open-source tools grype, trivy and docker-scout, then filter the combined results down to unique findings and store them in an `.xlsx` file.
- Reads the image details from an input file
- Pulls each image locally if it is not already present
- Scans it with each open-source tool and saves one JSON output file per tool
- Repeats the process until every image in the input file has been handled
- Parses the JSON output files from each tool
- Filters the results to unique findings with the details CVE, Severity, Package, Installed Version, Fixed Versions and Source
- Deletes all the pulled images afterwards to save system storage
- Records failed scans or command errors during the process in a `Failed_cases.txt` file (created only if something failed)
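As an added illustration of the parse-and-filter step (example code, not the script's own), the block below flattens trivy and grype JSON into the report's columns, merges duplicates across tools, and writes the unique rows with xlsxwriter. The sample documents are constructed, the field names follow the two tools' JSON schemas, severities are upper-cased because the tools spell them differently, and docker-scout output is not covered.

```python
import json

COLUMNS = ["CVE", "Severity", "Package", "Installed Version", "Fixed Versions", "Source"]
# Constructed sample outputs (not real scan results), trimmed to the fields read below.
TRIVY_JSON = json.dumps({"Results": [{"Target": "example:1.0 (alpine 3.18.4)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2023-0001", "PkgName": "libcrypto3", "InstalledVersion": "3.1.3-r0",
     "FixedVersion": "3.1.4-r0", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-2023-0002", "PkgName": "busybox", "InstalledVersion": "1.36.1-r2",
     "FixedVersion": "", "Severity": "MEDIUM"}]}]})
GRYPE_JSON = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-2023-0001", "severity": "High", "fix": {"versions": ["3.1.4-r0"]}},
     "artifact": {"name": "libcrypto3", "version": "3.1.3-r0"}},
    {"vulnerability": {"id": "CVE-2023-0003", "severity": "Critical", "fix": {"versions": []}},
     "artifact": {"name": "zlib", "version": "1.2.13-r1"}}]})

def parse_trivy(text):
    # Trivy nests findings per target; "Vulnerabilities" is null when a target is clean.
    rows = []
    for result in json.loads(text).get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            rows.append({"CVE": v["VulnerabilityID"], "Severity": v.get("Severity", "UNKNOWN").upper(),
                         "Package": v["PkgName"], "Installed Version": v["InstalledVersion"],
                         "Fixed Versions": v.get("FixedVersion") or "", "Source": "trivy"})
    return rows

def parse_grype(text):
    # Grype lists one match per (vulnerability, artifact); fix versions live under fix.versions.
    rows = []
    for m in json.loads(text).get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        rows.append({"CVE": vuln["id"], "Severity": vuln.get("severity", "Unknown").upper(),
                     "Package": art["name"], "Installed Version": art["version"],
                     "Fixed Versions": ", ".join(vuln.get("fix", {}).get("versions", [])), "Source": "grype"})
    return rows

def unique_findings(rows):
    # Dedupe on (CVE, package, installed version) and record every tool that reported the pair.
    merged = {}
    for r in rows:
        key = (r["CVE"], r["Package"], r["Installed Version"])
        kept = merged.setdefault(key, dict(r))
        if r["Source"] not in kept["Source"].split(", "):
            kept["Source"] += ", " + r["Source"]
        kept["Fixed Versions"] = kept["Fixed Versions"] or r["Fixed Versions"]  # fill a fix one tool omitted
    return list(merged.values())

def write_xlsx(rows, path):
    import xlsxwriter  # the README's extra dependency; imported here so parsing works without it
    with xlsxwriter.Workbook(path) as wb:
        ws = wb.add_worksheet("Unique findings")
        ws.write_row(0, 0, COLUMNS)
        for i, r in enumerate(rows, 1):
            ws.write_row(i, 0, [r[c] for c in COLUMNS])
```

Call `write_xlsx(unique_findings(parse_trivy(t) + parse_grype(g)), "scan_results.xlsx")` with the two tools' JSON texts to produce the sheet.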
Requirements:
- Windows environment
- Python 3, with `pip install xlsxwriter`
- Docker running (Desktop GUI or daemon)
- grype, trivy and docker-scout (logged in) accessible from the command line
```text
usage: docker-multi-scan.py [-h] --file FILE --output OUTPUT

Docker image scan and result filtration

options:
  -h, --help                  show this help message and exit
  --file FILE, -f FILE        Input file path containing the list of docker images
  --output OUTPUT, -o OUTPUT  Output directory path to save json file and excel file
```