Scanning Images

rfscan accepts one or more images as command-line arguments:

    rfscan <registry>/<repository>:<tag>

Alternatively, you may pass a text file containing a list of images (one image per line):

    <registry>/<repository1>:<tag1>
    <registry>/<repository2>:<tag2>
    <registry>/<repository3>:<tag3>

    rfscan <path_to_text_file>

For example:

    rfscan docker.io/redis:latest

    rfscan docker.io/ubuntu:16.04 docker.io/ubuntu:18.04 docker.io/ubuntu:20.04
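The list file above is just one fully qualified image reference per line. The following script, added here as an example and not part of RapidFort's tooling, builds such a file from whatever the local Docker daemon already holds: it drops dangling <none> images, prefixes unqualified Docker Hub names with docker.io/ so they match the form used on this page, and de-duplicates. `docker images --format` is a real Docker flag; the sample input below is constructed to stand in for its output, and the registry-host heuristic is an assumption of this example.

```shell
#!/bin/sh
# Added example (not RapidFort's code): build an rfscan image-list file from the
# images present on the local Docker daemon, one <registry>/<repository>:<tag>
# per line. The sample input is constructed to look like the output of
#   docker images --format '{{.Repository}}:{{.Tag}}'

SAMPLE_DOCKER_IMAGES='redis:latest
ubuntu:20.04
ubuntu:20.04
<none>:<none>
myorg/api:1.4.2
ghcr.io/owner/tool:v2
localhost:5000/internal/app:dev
quay.io/prometheus/node-exporter:v1.6.1'

# normalize_images: read "repo:tag" lines on stdin, drop dangling <none> entries,
# fully qualify Docker Hub names with docker.io/, and de-duplicate while keeping
# first-seen order.
normalize_images() {
    awk '
        /<none>/ { next }                       # dangling or untagged image
        {
            name = $1
            n = split(name, parts, "/")
            first = parts[1]
            # Heuristic (assumption of this example): with no "/" at all the name
            # is a Docker Hub library image; otherwise the first path component is
            # a registry host only if it contains a dot or a port, or is localhost.
            if (n == 1 || (first !~ /[.:]/ && first != "localhost"))
                name = "docker.io/" name
            if (!seen[name]++) print name
        }'
}

# write_image_list <path>: query the daemon and write the file rfscan reads.
write_image_list() {
    docker images --format '{{.Repository}}:{{.Tag}}' | normalize_images > "$1"
    echo "wrote $(wc -l < "$1" | tr -d ' ') images to $1"
}

# Demo on the constructed sample. For real use:
#   write_image_list image_list && rfscan image_list
printf '%s\n' "$SAMPLE_DOCKER_IMAGES" | normalize_images
```

Run `write_image_list image_list` on a host with Docker, review the file, then hand it to rfscan. Keeping the list as a checked-in file rather than scanning "whatever is on the box" is what makes the batch reproducible from one run to the next.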

Tutorial: Scan the MySQL Docker Image

In this tutorial, we will use rfscan to scan the MySQL Docker image.

Step 1: Log Into RapidFort

First, run rflogin to log into RapidFort. Enter your password if prompted.

    rflogin <your-email-address>

Step 2: Scan the MySQL Docker Image

Run rfscan to scan the MySQL image. rfscan automatically pulls the image if it is not present locally.

    rfscan docker.io/mysql:latest

If rfscan fails to fetch the image, pull it with Docker first and rerun the scan:

    $ docker pull docker.io/mysql:latest
    $ rfscan docker.io/mysql:latest

Step 3: View Scan Reports

By default, rfscan saves scan reports in ~/rapidfort/reports/<timestamp>.
Since we scanned one image in this tutorial, we expect the following reports:
  • Scan Summary
  • SBOM Report
  • Vulnerabilities Report
  • Estimates Report
  • Images and Images Scanned Reports
Your scan summary report may differ slightly from the example.

scan_summary

    SCAN SUMMARY
    -------------------------------------------------------------------------------
    Total # of Images Scanned: 1
    Total Attack Surface: 509.3 MB
    Total # of Packages: 134
    Total # of Vulnerabilities: 150
        POC: 4
        Critical: 9
        High: 66
        Medium: 55
        Low: 19
    Total # of Vulnerabilities with Patches: 0
    -------------------------------------------------------------------------------

    IMAGE DETAILS
    -------------------------------------------------------------------------------
    Image          Attack Surface   Hardened Estimate   Vulnerabilities   Hardened Estimate
    mysql:latest   509.3 MB         ~43.1 MB            150 (POC: 4)      ~24
    -------------------------------------------------------------------------------

    POC ATTACK RISK SUMMARY
    --------------------------------------------------------------------------------
    POC Published
      Severity: Critical
        No vulnerabilities found
      Severity: High
        CVE-2019-3843   mysql:latest
        CVE-2019-3844   mysql:latest
    Rapid Risk Score >= 70.0%
      Severity: Critical
        CVE-2019-9893   mysql:latest
        CVE-2013-4441   mysql:latest
        CVE-2021-35942  mysql:latest
      Severity: High
        CVE-2019-3843   mysql:latest
        CVE-2021-39537  mysql:latest
        CVE-2019-3844   mysql:latest
        CVE-2020-6096   mysql:latest
    --------------------------------------------------------------------------------

You may also view the image and reports by visiting the RapidFort UI:
  • https://frontrow.rapidfort.com (SaaS)
  • https://<rapidfort_ip_address> (On-Premises)
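The summary above is plain text, which makes it easy to turn into a pipeline gate: fail the build when the Critical or POC counters exceed a budget, and print the findings listed under "POC Published" (those with a public exploit) so the failure is actionable. The script below is an added example and not RapidFort's own code. It assumes the summary lives in a file named scan_summary inside ~/rapidfort/reports/<timestamp> (the file name is taken from the label on this page) and that the <timestamp> directory names sort chronologically; the sample text is constructed from the summary shown in this tutorial.

```shell
#!/bin/sh
# Added example, not RapidFort's own code: read rfscan's scan_summary and turn
# it into a CI gate. File name and directory layout are assumptions taken from
# this page; the sample below is constructed from the tutorial's summary.

SAMPLE_SUMMARY='SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 1
Total Attack Surface: 509.3 MB
Total # of Packages: 134
Total # of Vulnerabilities: 150
    POC: 4
    Critical: 9
    High: 66
    Medium: 55
    Low: 19
Total # of Vulnerabilities with Patches: 0
-------------------------------------------------------------------------------

POC ATTACK RISK SUMMARY
--------------------------------------------------------------------------------
POC Published
  Severity: Critical
    No vulnerabilities found
  Severity: High
    CVE-2019-3843 mysql:latest
    CVE-2019-3844 mysql:latest
Rapid Risk Score >= 70.0%
  Severity: Critical
    CVE-2019-9893 mysql:latest
  Severity: High
    CVE-2021-39537 mysql:latest
--------------------------------------------------------------------------------'

# latest_report_dir <base>: newest <base>/<timestamp> directory. Assumes the
# timestamp directory names sort chronologically (assumption of this example).
latest_report_dir() {
    ls -1d "$1"/*/ 2>/dev/null | sort | tail -n 1 | sed 's:/$::'
}

# summary_count <label> <file>: the integer after "<label>:" in the counter
# block. Matching the first field only means the "Severity: Critical" headings
# in the POC section are never mistaken for the "Critical:" counter.
summary_count() {
    awk -v key="$1:" '$1 == key { print $2; exit }' "$2"
}

# poc_published_cves <file>: "CVE image" pairs listed under "POC Published",
# i.e. findings with a public exploit, which deserve the first look.
poc_published_cves() {
    awk '
        /POC Published/    { in_poc = 1; next }
        /Rapid Risk Score/ { in_poc = 0 }
        in_poc && $1 ~ /^CVE-[0-9]+-[0-9]+$/ { print $1, $2 }' "$1"
}

# gate_summary <file> <max_critical> <max_poc>: succeed only when both
# counters are within budget; print the verdict either way.
gate_summary() {
    file=$1; max_critical=$2; max_poc=$3
    critical=$(summary_count Critical "$file")
    poc=$(summary_count POC "$file")
    if [ "${critical:-0}" -gt "$max_critical" ] || [ "${poc:-0}" -gt "$max_poc" ]; then
        echo "FAIL: critical=$critical (max $max_critical), poc=$poc (max $max_poc)"
        poc_published_cves "$file" | sed 's/^/  POC published: /'
        return 1
    fi
    echo "PASS: critical=$critical, poc=$poc"
}

# Demo on the constructed sample. Against a real scan:
#   gate_summary "$(latest_report_dir ~/rapidfort/reports)/scan_summary" 0 0
demo=$(mktemp)
printf '%s\n' "$SAMPLE_SUMMARY" > "$demo"
gate_summary "$demo" 0 0 || true
rm -f "$demo"
```

Call `gate_summary` with the budget your policy allows and let its exit status fail the job. Gating on the POC counter separately from the severity counters is deliberate: a High with a published exploit is usually more urgent than a Critical that nobody has weaponised yet.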

Tutorial: Scan a List of Docker Images

In this tutorial, we will use rfscan to scan a list of Docker images.

Step 1: Log Into RapidFort

First, run rflogin to log into RapidFort. Enter your password if prompted.

    rflogin <your-email-address>

Step 2: Create a List of Images to Scan

Create a text file called image_list and add some images to scan (one image per line):

image_list

    docker.io/debian:11
    docker.io/debian:10
    docker.io/debian:9

Step 3: Scan the List of Images

Scan the list of images:

    rfscan <path_to_image_list>

rfscan fetches and scans each image in turn.
If rfscan fails to fetch an image, pull it with Docker first (shown here for debian:11) and rerun the scan:

    $ docker pull docker.io/debian:11
    $ rfscan <path_to_image_list>

Step 4: View Scan Reports

When more than one image is scanned, rfscan generates unique SBOM and vulnerabilities reports in addition to the per-image SBOM and vulnerabilities reports. The unique reports aggregate all distinct packages and vulnerabilities found across the batch of images.
  • Scan Summary
  • Per-Image SBOM Reports
  • Per-Image Vulnerabilities Reports
  • Estimates Report
  • Unique SBOM Report
  • Comparison SBOM Report
  • Unique Vulnerabilities Report
  • Images and Images Scanned Reports
Your scan summary report may differ slightly from the example.

scan_summary

    SCAN SUMMARY
    -------------------------------------------------------------------------------
    Total # of Images Scanned: 3
    Total Attack Surface: 338.6 MB
    Total # of Packages: 270
    Total # of Vulnerabilities: 361
        POC: 13
        Critical: 33
        High: 137
        Medium: 146
        Low: 42
    Total # of Vulnerabilities with Patches: 8
    -------------------------------------------------------------------------------

    IMAGE DETAILS
    -------------------------------------------------------------------------------
    Image                 Attack Surface   Hardened Estimate   Vulnerabilities   Hardened Estimate
    docker.io/debian:9    100.6 MB         ~4.1 MB             192 (POC: 9)      ~31
    docker.io/debian:10   114.1 MB         ~4.9 MB             109 (POC: 4)      ~18
    docker.io/debian:11   123.9 MB         ~5.4 MB             60 (POC: 0)       ~10
    -------------------------------------------------------------------------------

    POC ATTACK RISK SUMMARY
    --------------------------------------------------------------------------------
    POC Published
      Severity: Critical
        No vulnerabilities found
      Severity: High
        CVE-2019-3844       docker.io/debian:10
        CVE-2019-3843       docker.io/debian:10
        CVE-2018-1000001    docker.io/debian:9
        CVE-2017-18078      docker.io/debian:9
        CVE-2019-3843       docker.io/debian:9
        CVE-2019-3844       docker.io/debian:9
    Rapid Risk Score >= 70.0%
      Severity: Critical
        CVE-2021-35942      docker.io/debian:10
        CVE-2019-9893       docker.io/debian:10
        CVE-2021-35942      docker.io/debian:9
      Severity: High
        CVE-2019-3844       docker.io/debian:10
        CVE-2021-43396      docker.io/debian:11
        CVE-2020-6096       docker.io/debian:10
        CVE-2019-3843       docker.io/debian:10
        CVE-2018-1000001    docker.io/debian:9
        CVE-2017-18078      docker.io/debian:9
        CVE-2021-39537      docker.io/debian:10
        CVE-2019-3843       docker.io/debian:9
        CVE-2020-6096       docker.io/debian:9
        CVE-2021-39537      docker.io/debian:11
        CVE-2021-39537      docker.io/debian:9
        CVE-2019-3844       docker.io/debian:9
    --------------------------------------------------------------------------------

You may also view the images and reports by visiting the RapidFort UI:
  • https://frontrow.rapidfort.com (SaaS)
  • https://<rapidfort_ip_address> (On-Premises)
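A batch scan like this one is most often run to choose between candidate base images, and the IMAGE DETAILS table holds the numbers that decision needs. The script below, added here as an example and not part of RapidFort's tooling, parses that table out of scan_summary (file name assumed from the label on this page), ranks the images by known-exploit (POC) findings first and total vulnerabilities second, and names the best candidate. The sample text is constructed from the three-image summary shown above; rows are recognised by their "(POC: n)" cell so the parser does not depend on exact column spacing.

```shell
#!/bin/sh
# Added example, not RapidFort's own code: rank the images of a batch scan from
# the IMAGE DETAILS table in scan_summary (file name assumed from this page).
# The sample is constructed from the three-image summary in this tutorial.

SAMPLE_BATCH_SUMMARY='SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 3
Total Attack Surface: 338.6 MB
Total # of Vulnerabilities: 361
-------------------------------------------------------------------------------

IMAGE DETAILS
-------------------------------------------------------------------------------
Image                 Attack Surface   Hardened Estimate   Vulnerabilities   Hardened Estimate
docker.io/debian:9    100.6 MB         ~4.1 MB             192 (POC: 9)      ~31
docker.io/debian:10   114.1 MB         ~4.9 MB             109 (POC: 4)      ~18
docker.io/debian:11   123.9 MB         ~5.4 MB             60 (POC: 0)       ~10
-------------------------------------------------------------------------------

POC ATTACK RISK SUMMARY
--------------------------------------------------------------------------------
POC Published
  Severity: High
    CVE-2019-3844       docker.io/debian:10
--------------------------------------------------------------------------------'

TAB=$(printf '\t')

# image_details <file>: one tab-separated line per image:
#   image  attack_surface_mb  hardened_surface_mb  vulns  poc  hardened_vulns
# Only lines between "IMAGE DETAILS" and "POC ATTACK RISK SUMMARY" that carry a
# "(POC: n)" cell are rows, so the header and dashed rules are skipped.
image_details() {
    awk '
        /IMAGE DETAILS/           { in_tbl = 1; next }
        /POC ATTACK RISK SUMMARY/ { in_tbl = 0 }
        in_tbl && /\(POC: [0-9]+\)/ {
            poc = $8; sub(/\)$/, "", poc)      # "9)"   -> 9
            hs  = $4; sub(/^~/,  "", hs)       # "~4.1" -> 4.1
            hv  = $9; sub(/^~/,  "", hv)       # "~31"  -> 31
            printf "%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, hs, $6, poc, hv
        }' "$1"
}

# rank_images <file>: fewest known-exploit (POC) findings first, then fewest
# vulnerabilities overall. Column 5 is poc, column 4 is vulns.
rank_images() {
    image_details "$1" | sort -t "$TAB" -k5,5n -k4,4n
}

# best_image <file>: the top-ranked image name.
best_image() {
    rank_images "$1" | head -n 1 | cut -f1
}

# Demo on the constructed sample; for a real batch scan point it at
# ~/rapidfort/reports/<timestamp>/scan_summary instead.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_BATCH_SUMMARY" > "$demo"
printf 'image\tsurface_mb\thardened_mb\tvulns\tpoc\thardened_vulns\n'
rank_images "$demo"
echo "recommended base image: $(best_image "$demo")"
rm -f "$demo"
```

The ranking key is a policy choice: POC count comes before raw vulnerability count because a smaller number of exploitable findings matters more than a larger number of theoretical ones, and attack surface is left out because all three candidates harden to a few megabytes. Swap the sort keys if your policy weighs them differently.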