Overview
Scan images and container registries with RapidFort
rfscan is included with the RapidFort Command Line Interface (CLI) tools.
- The client system must meet the minimum requirements to install the RapidFort CLI tools.
- The client system must have sufficient storage space to accommodate pulling images that are not currently available locally and temporarily exporting images to disk.
- Note that rfscan will check if there is sufficient space before exporting images and will attempt to clean up temporary directories and files after exporting and scanning images.
- The client system must be able to run Docker containers as root.
- The client system must have access to Amazon S3 so that rfscan can download dependencies.
- The client system must provide write access to a folder where rfscan can save scan reports.
- By default, rfscan will save scan reports in
~/rapidfort/reports/<timestamp>. - This can be overridden with the
--reports_foldercommand line parameter.
- The client system must have a rfscan configuration file set up for rfscan to pull images or scan registries. For more information, please visit Registry Configuration.
rfscan supports scanning the following types of container registries:
- Docker Hub
- JFrog
- Amazon Elastic Container Registry (ECR)
- Microsoft Azure Container Registry (ACR)
If your registry type is not currently supported, please submit a feature request to [email protected]. You will still be able to scan images.