Scanning Images

rfscan accepts one or more images as command line parameters.
rfscan <registry>/<repository>:<tag>
Alternatively, you may specify a text file containing a list of images (one image per line).
<registry>/<repository1>:<tag1>
<registry>/<repository2>:<tag2>
<registry>/<repository3>:<tag3>
rfscan <path_to_text_file>
For example:
rfscan docker.io/redis:latest
rfscan docker.io/ubuntu:16.04 docker.io/ubuntu:18.04 docker.io/ubuntu:20.04

Tutorial: Scan the MySQL Docker Image

In this tutorial, we will use rfscan to scan the MySQL Docker image.

Step 1: Log Into RapidFort

First, run rflogin to log into RapidFort. Enter your password if prompted.
rflogin <your-email-address>

Step 2: Scan the MySQL Docker Image

Run rfscan to scan the MySQL image. Note that rfscan will automatically try to pull the image if it does not exist locally.
rfscan docker.io/mysql:latest
If you encounter issues, please try pulling the MySQL image before running rfscan:
$ docker pull docker.io/mysql:latest
$ rfscan docker.io/mysql:latest

Step 3: View Scan Reports

By default, rfscan will save scan reports in ~/rapidfort/reports/<timestamp>.
Since we scanned one image in this tutorial, we expect the following reports:
  • Scan Summary
  • SBOM Report
  • Vulnerabilities Report
  • Estimates Report
  • Images and Images Scanned Reports
Your scan summary report may differ slightly from the example.
scan_summary
SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 1
Total Attack Surface: 509.3 MB
Total # of Packages: 134
Total # of Vulnerabilities: 150
POC: 4
Critical: 9
High: 66
Medium: 55
Low: 19
Total # of Vulnerabilities with Patches: 0
-------------------------------------------------------------------------------
IMAGE DETAILS
-------------------------------------------------------------------------------
Image Attack Surface Hardened Estimate Vulnerabilities Hardened Estimate
mysql:latest 509.3 MB ~43.1 MB 150 (POC: 4) ~24
-------------------------------------------------------------------------------
POC ATTACK RISK SUMMARY
--------------------------------------------------------------------------------
POC Published
Severity: Critical
No vulnerabilities found
Severity: High
CVE-2019-3843 mysql:latest
CVE-2019-3844 mysql:latest
Rapid Risk Score >= 70.0%
Severity: Critical
CVE-2019-9893 mysql:latest
CVE-2013-4441 mysql:latest
CVE-2021-35942 mysql:latest
Severity: High
CVE-2019-3843 mysql:latest
CVE-2021-39537 mysql:latest
CVE-2019-3844 mysql:latest
CVE-2020-6096 mysql:latest
--------------------------------------------------------------------------------
You may also view the image and reports by visiting the RapidFort UI:
  • https://frontrow.rapidfort.com (SaaS)
  • https://<rapidfort_ip_address> (On-Premises)

Tutorial: Scan a List of Docker Images

In this tutorial, we will use rfscan to scan a list of Docker images.

Step 1: Log Into RapidFort

First, run rflogin to log into RapidFort. Enter your password if prompted.
rflogin <your-email-address>

Step 2: Create a List of Images to Scan

Create a text file called image_list and add some images to scan (one image per line):
image_list
docker.io/debian:11
docker.io/debian:10
docker.io/debian:9

Step 3: Scan the List of Images

Scan the list of images:
rfscan <path_to_image_list>
rfscan will fetch and scan each image.
If you encounter issues, please try pulling the images before running rfscan:
$ docker pull docker.io/debian:11
$ rfscan <path_to_image_list>

Step 4: View Scan Reports

When more than one image is scanned, rfscan will generate unique SBOM and vulnerabilities reports in addition to per-image SBOM and vulnerabilities reports. The unique SBOM and vulnerabilities reports aggregate all unique packages and vulnerabilities found in the batch of images.
  • Scan Summary
  • Per-Image SBOM Reports
  • Per-Image Vulnerabilities Reports
  • Estimates Report
  • Unique SBOM Report
  • Comparison SBOM Report
  • Unique Vulnerabilities Report
  • Images and Images Scanned Reports
Your scan summary report may differ slightly from the example.
scan_summary
SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 3
Total Attack Surface: 338.6 MB
Total # of Packages: 270
Total # of Vulnerabilities: 361
POC: 13
Critical: 33
High: 137
Medium: 146
Low: 42
Total # of Vulnerabilities with Patches: 8
-------------------------------------------------------------------------------
IMAGE DETAILS
-------------------------------------------------------------------------------
Image Attack Surface Hardened Estimate Vulnerabilities Hardened Estimate
docker.io/debian:9 100.6 MB ~4.1 MB 192 (POC: 9) ~31
docker.io/debian:10 114.1 MB ~4.9 MB 109 (POC: 4) ~18
docker.io/debian:11 123.9 MB ~5.4 MB 60 (POC: 0) ~10
-------------------------------------------------------------------------------
POC ATTACK RISK SUMMARY
--------------------------------------------------------------------------------
POC Published
Severity: Critical
No vulnerabilities found
Severity: High
CVE-2019-3844 docker.io/debian:10
CVE-2019-3843 docker.io/debian:10
CVE-2018-1000001 docker.io/debian:9
CVE-2017-18078 docker.io/debian:9
CVE-2019-3843 docker.io/debian:9
CVE-2019-3844 docker.io/debian:9
Rapid Risk Score >= 70.0%
Severity: Critical
CVE-2021-35942 docker.io/debian:10
CVE-2019-9893 docker.io/debian:10
CVE-2021-35942 docker.io/debian:9
Severity: High
CVE-2019-3844 docker.io/debian:10
CVE-2021-43396 docker.io/debian:11
CVE-2020-6096 docker.io/debian:10
CVE-2019-3843 docker.io/debian:10
CVE-2018-1000001 docker.io/debian:9
CVE-2017-18078 docker.io/debian:9
CVE-2021-39537 docker.io/debian:10
CVE-2019-3843 docker.io/debian:9
CVE-2020-6096 docker.io/debian:9
CVE-2021-39537 docker.io/debian:11
CVE-2021-39537 docker.io/debian:9
CVE-2019-3844 docker.io/debian:9
--------------------------------------------------------------------------------
You may also view the images and reports by visiting the RapidFort UI:
  • https://frontrow.rapidfort.com (SaaS)
  • https://<rapidfort_ip_address> (On-Premises)
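To act on a scan_summary from either tutorial above in a CI pipeline, the following added example (not RapidFort's code and not part of the original page) parses the plain-text layout printed above, reads the batch-level counts and the per-image rows, and returns non-zero when the Critical or POC counts exceed a threshold. It assumes the report is the scan_summary file under ~/rapidfort/reports/<timestamp>/ in exactly that layout; the sample embedded below is constructed from the numbers of the Debian run.

```shell
# Policy gate over an rfscan scan_summary file (added example, not RapidFort's code).
# Constructed sample in the layout shown above (counts copied from the Debian run); in
# real use point SUMMARY_FILE at ~/rapidfort/reports/<timestamp>/scan_summary instead.
SUMMARY_FILE=$(mktemp); trap 'rm -f "$SUMMARY_FILE"' EXIT
cat > "$SUMMARY_FILE" <<'EOF'
SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 3
Total Attack Surface: 338.6 MB
Total # of Packages: 270
Total # of Vulnerabilities: 361
POC: 13
Critical: 33
High: 137
Medium: 146
Low: 42
Total # of Vulnerabilities with Patches: 8
-------------------------------------------------------------------------------
IMAGE DETAILS
-------------------------------------------------------------------------------
Image Attack Surface Hardened Estimate Vulnerabilities Hardened Estimate
docker.io/debian:9 100.6 MB ~4.1 MB 192 (POC: 9) ~31
docker.io/debian:10 114.1 MB ~4.9 MB 109 (POC: 4) ~18
docker.io/debian:11 123.9 MB ~5.4 MB 60 (POC: 0) ~10
-------------------------------------------------------------------------------
EOF
# summary_count <file> <label>: integer after "<label>:" at the start of a line.
# Anchoring at column 1 keeps the per-image "(POC: n)" cells and the longer
# "Total # of Vulnerabilities with Patches" line from matching a shorter label.
summary_count() {
    awk -v label="$2" '
        index($0, (label ":")) == 1 { sub(/.*: */, ""); print $0 + 0; found = 1; exit }
        END { if (!found) print 0 }' "$1"
}
# image_vulns <file> <image>: total vulnerabilities for one IMAGE DETAILS row.
image_vulns() {
    awk -v img="$2" '
        in_details && $1 == img { print $6; exit }
        /^IMAGE DETAILS/ { in_details = 1 }' "$1"
}
# scan_gate <file> <max_critical> <max_poc>: 0 within policy, 1 when a threshold is exceeded.
scan_gate() {
    crit=$(summary_count "$1" Critical); poc=$(summary_count "$1" POC)
    if [ "$crit" -gt "$2" ] || [ "$poc" -gt "$3" ]; then
        echo "FAIL: Critical=$crit (max $2), POC=$poc (max $3)" >&2; return 1
    fi
    echo "PASS: Critical=$crit, POC=$poc"
}
scan_gate "$SUMMARY_FILE" 0 0 || echo "batch blocked; review the per-image rows first"
```

Replace the constructed sample with the newest report directory (for example the most recently modified entry under ~/rapidfort/reports/) to gate a real scan.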