R
R
RapidFort User Documentation
Search…
Welcome to RapidFort
RapidFort Support
RapidFort SaaS
RapidFort SaaS Solution
RapidFort On-Premises
RapidFort On-Premises Solution
RapidFort AWS Prerequisites
RapidFort Helm Chart AWS Deployment
RapidFort Standalone AWS Commercial Console Deployment
RapidFort Standalone AWS GovCloud Console Deployment
Using RapidFort
RapidFort Command Line Interface Tools
RapidFort User Interface
RapidFort Service Accounts
Getting Started Guides
Getting Started: Stub and Harden a Docker Image
Getting Started: Stub and Harden a Docker Image with Docker-Compose
Getting Started: Stub and Harden a Docker Image with Kubernetes
Getting Started: Stub and Harden a Docker Image with GitLab
Getting Started: Stub and Harden a Docker Image with Bitbucket
Getting Started: Scan a Docker Image
How To Guides
Add the SYS_PTRACE Linux Kernel Capability
Verify that Profiling Information is Propagated to RapidFort
Download Reports
RapidFort GitLab CI/CD Integration
Using RapidFort with Helm Charts
Scanning with RapidFort
Overview
Registry Configuration
Scanning Images
Scanning Container Registries
Scanning Amazon Elastic Container Registry (ECR) Images
Advanced Features
Workload Tags
Hardening Features
Hardening Profiles
Powered By GitBook
Scanning Images

Scanning Images

rfscan accepts one or more images as command line parameters.
1
rfscan <registry>/<repository>:<tag>
Copied!
Alternatively, you may specify a text file containing a list of images (one image per line).
1
<registry>/<repository1>:<tag1>
2
<registry>/<repository2>:<tag2>
3
<registry>/<repository3>:<tag3>
Copied!
1
rfscan <path_to_text_file>
Copied!
For example:
1
rfscan docker.io/redis:latest
Copied!
1
rfscan docker.io/ubuntu:16.04 docker.io/ubuntu:18.04 docker.io/ubuntu:20.04
Copied!

Tutorial: Scan the MySQL Docker Image

In this tutorial, we will use rfscan to scan the MySQL Docker image.

Step 1: Log Into RapidFort

First, run rflogin to log into RapidFort. Enter your password if prompted.
1
rflogin <your-email-address>
Copied!

Step 2: Scan the MySQL Docker Image

Run rfscan to scan the MySQL image. Note that rfscan will automatically try to pull the image if it does not exist locally.
1
rfscan docker.io/mysql:latest
Copied!
If you encounter issues, please try pulling the MySQL image before running rfscan:
1
$ docker pull docker.io/mysql:latest
2
$ rfscan docker.io/mysql:latest
Copied!

Step 3: View Scan Reports

By default, rfscan will save scan reports in ~/rapidfort/reports/<timestamp>.
Since we scanned one image in this tutorial, we expect the following reports:
  • Scan Summary
  • SBOM Report
  • Vulnerabilities Report
  • Estimates Report
  • Images and Images Scanned Reports
Your scan summary report may differ slightly from the example.
scan_summary
1
SCAN SUMMARY
2
-------------------------------------------------------------------------------
3
Total # of Images Scanned: 1
4
Total Attack Surface: 509.3 MB
5
Total # of Packages: 134
6
Total # of Vulnerabilities: 150
7
POC: 4
8
Critical: 9
9
High: 66
10
Medium: 55
11
Low: 19
12
Total # of Vulnerabilities with Patches: 0
13
-------------------------------------------------------------------------------
14
​
15
IMAGE DETAILS
16
-------------------------------------------------------------------------------
17
Image Attack Surface Hardened Estimate Vulnerabilities Hardened Estimate
18
mysql:latest 509.3 MB ~43.1 MB 150 (POC: 4) ~24
19
-------------------------------------------------------------------------------
20
​
21
POC ATTACK RISK SUMMARY
22
--------------------------------------------------------------------------------
23
POC Published
24
Severity: Critical
25
No vulnerabilities found
26
Severity: High
27
CVE-2019-3843 mysql:latest
28
CVE-2019-3844 mysql:latest
29
Rapid Risk Score >= 70.0%
30
Severity: Critical
31
CVE-2019-9893 mysql:latest
32
CVE-2013-4441 mysql:latest
33
CVE-2021-35942 mysql:latest
34
Severity: High
35
CVE-2019-3843 mysql:latest
36
CVE-2021-39537 mysql:latest
37
CVE-2019-3844 mysql:latest
38
CVE-2020-6096 mysql:latest
39
--------------------------------------------------------------------------------
Copied!
You may also view the image and reports by visiting the RapidFort UI:
  • https://frontrow.rapidfort.com (SaaS)
  • https://<rapidfort_ip address> (On-Premises)

Tutorial: Scan a List of Docker Images

In this tutorial, we will use rfscan to scan a list of Docker images.

Step 1: Log Into RapidFort

First, run rflogin to log into RapidFort. Enter your password if prompted.
1
rflogin <your-email-address>
Copied!

Step 2: Create a List of Images to Scan

Create a text file called image_list and add some images to scan (one image per line):
image_list
1
docker.io/debian:11
2
docker.io/debian:10
3
docker.io/debian:9
Copied!

Step 3: Scan the List of Images

Scan the list of images:
1
rfscan <path_to_image_list>
Copied!
rfscan will fetch and scan each image.
If you encounter issues, please try pulling the images before running rfscan:
1
$ docker pull docker.io/debian:11
2
$ rfscan <path_to_image_list>
Copied!

Step 4: View Scan Reports

When more than one image is scanned, rfscan will generate unique SBOM and vulnerabilities reports in addition to per-image SBOM and vulnerabilities reports. The unique SBOM and vulnerabilities reports aggregate all unique packages and vulnerabilities found in the batch of images.
  • Scan Summary
  • Per-Image SBOM Reports
  • Per-Image Vulnerabilities Reports
  • Estimates Report
  • Unique SBOM Report
  • Comparison SBOM Report
  • Unique Vulnerabilities Report
  • Images and Images Scanned Reports
Your scan summary report may differ slightly from the example.
scan_summary
1
SCAN SUMMARY
2
-------------------------------------------------------------------------------
3
Total # of Images Scanned: 3
4
Total Attack Surface: 338.6 MB
5
Total # of Packages: 270
6
Total # of Vulnerabilities: 361
7
POC: 13
8
Critical: 33
9
High: 137
10
Medium: 146
11
Low: 42
12
Total # of Vulnerabilities with Patches: 8
13
-------------------------------------------------------------------------------
14
​
15
IMAGE DETAILS
16
-------------------------------------------------------------------------------
17
Image Attack Surface Hardened Estimate Vulnerabilities Hardened Estimate
18
docker.io/debian:9 100.6 MB ~4.1 MB 192 (POC: 9) ~31
19
docker.io/debian:10 114.1 MB ~4.9 MB 109 (POC: 4) ~18
20
docker.io/debian:11 123.9 MB ~5.4 MB 60 (POC: 0) ~10
21
-------------------------------------------------------------------------------
22
​
23
POC ATTACK RISK SUMMARY
24
--------------------------------------------------------------------------------
25
POC Published
26
Severity: Critical
27
No vulnerabilities found
28
Severity: High
29
CVE-2019-3844 docker.io/debian:10
30
CVE-2019-3843 docker.io/debian:10
31
CVE-2018-1000001 docker.io/debian:9
32
CVE-2017-18078 docker.io/debian:9
33
CVE-2019-3843 docker.io/debian:9
34
CVE-2019-3844 docker.io/debian:9
35
Rapid Risk Score >= 70.0%
36
Severity: Critical
37
CVE-2021-35942 docker.io/debian:10
38
CVE-2019-9893 docker.io/debian:10
39
CVE-2021-35942 docker.io/debian:9
40
Severity: High
41
CVE-2019-3844 docker.io/debian:10
42
CVE-2021-43396 docker.io/debian:11
43
CVE-2020-6096 docker.io/debian:10
44
CVE-2019-3843 docker.io/debian:10
45
CVE-2018-1000001 docker.io/debian:9
46
CVE-2017-18078 docker.io/debian:9
47
CVE-2021-39537 docker.io/debian:10
48
CVE-2019-3843 docker.io/debian:9
49
CVE-2020-6096 docker.io/debian:9
50
CVE-2021-39537 docker.io/debian:11
51
CVE-2021-39537 docker.io/debian:9
52
CVE-2019-3844 docker.io/debian:9
53
--------------------------------------------------------------------------------
Copied!
You may also view the images and reports by visiting the RapidFort UI:
  • https://frontrow.rapidfort.com (SaaS)
  • https://<rapidfort_ip address> (On-Premises)
Scanning with RapidFort - Previous
Registry Configuration
Next - Scanning with RapidFort
Scanning Container Registries
Last modified 2mo ago
Copy link
Contents
Scanning Images
Tutorial: Scan the MySQL Docker Image
Tutorial: Scan a List of Docker Images