Overview
Scan images and container registries with RapidFort

Prerequisites

rfscan is included with the RapidFort Command Line Interface (CLI) tools.
  • The client system must meet the minimum requirements to install the RapidFort CLI tools.
  • The client system must have sufficient storage space to accommodate pulling images that are not currently available locally and temporarily exporting images to disk.
    • Note that rfscan will check if there is sufficient space before exporting images and will attempt to clean up temporary directories and files after exporting and scanning images.
  • The client system must be able to run Docker containers as root.
  • The client system must have access to Amazon S3 so that rfscan can download dependencies.
  • The client system must provide write access to a folder where rfscan can save scan reports.
    • By default, rfscan will save scan reports in ~/rapidfort/reports/<timestamp>.
    • This can be overridden with the --reports_folder command line parameter.
  • The client system must have a rfscan configuration file set up for rfscan to pull images or scan registries. For more information, please visit Registry Configuration.

Registry Scanning

rfscan supports scanning the following types of container registries:
  • Docker Hub
  • JFrog
  • Amazon Elastic Container Registry (ECR)
  • Microsoft Azure Container Registry (ACR)
If your registry type is not currently supported, please submit a feature request to [email protected]. You will still be able to scan images.