Scanning Images
rfscan accepts one or more images as command line parameters:
rfscan <registry>/<repository>:<tag>
Alternatively, you may specify a text file containing a list of images (one image per line), for example:
<registry>/<repository1>:<tag1>
<registry>/<repository2>:<tag2>
<registry>/<repository3>:<tag3>
Then pass the path of that file to rfscan:
rfscan <path_to_text_file>
For example:
rfscan docker.io/redis:latest
rfscan docker.io/ubuntu:16.04 docker.io/ubuntu:18.04 docker.io/ubuntu:20.04
In this tutorial, we will use rfscan to scan the MySQL Docker image.
First, run rflogin to log into RapidFort. Enter your password if prompted.
rflogin <your-email-address>
Run rfscan to scan the MySQL image. Note that rfscan will automatically try to pull the image if it does not exist locally.
rfscan docker.io/mysql:latest
If you encounter issues, please try pulling the MySQL image before running rfscan:
$ docker pull docker.io/mysql:latest
$ rfscan docker.io/mysql:latest
By default, rfscan saves scan reports in ~/rapidfort/reports/<timestamp>.
Since we scanned one image in this tutorial, we expect the following reports:
- Scan Summary
- SBOM Report
- Vulnerabilities Report
- Estimates Report
- Images and Images Scanned Reports
Your scan summary report (scan_summary) may differ slightly from the example:
SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 1
Total Attack Surface: 509.3 MB
Total # of Packages: 134
Total # of Vulnerabilities: 150
POC: 4
Critical: 9
High: 66
Medium: 55
Low: 19
Total # of Vulnerabilities with Patches: 0
-------------------------------------------------------------------------------
IMAGE DETAILS
-------------------------------------------------------------------------------
Image               Attack Surface  Hardened Estimate  Vulnerabilities  Hardened Estimate
mysql:latest        509.3 MB        ~43.1 MB           150 (POC: 4)     ~24
-------------------------------------------------------------------------------
POC ATTACK RISK SUMMARY
--------------------------------------------------------------------------------
POC Published
Severity: Critical
No vulnerabilities found
Severity: High
CVE-2019-3843 mysql:latest
CVE-2019-3844 mysql:latest
Rapid Risk Score >= 70.0%
Severity: Critical
CVE-2019-9893 mysql:latest
CVE-2013-4441 mysql:latest
CVE-2021-35942 mysql:latest
Severity: High
CVE-2019-3843 mysql:latest
CVE-2021-39537 mysql:latest
CVE-2019-3844 mysql:latest
CVE-2020-6096 mysql:latest
--------------------------------------------------------------------------------
You may also view the image and reports by visiting the RapidFort UI:
https://frontrow.rapidfort.com (SaaS)
https://<rapidfort_ip address> (On-Premises)
In this tutorial, we will use rfscan to scan a list of Docker images.
First, run rflogin to log into RapidFort. Enter your password if prompted.
rflogin <your-email-address>
Create a text file called image_list and add some images to scan (one image per line):
docker.io/debian:11
docker.io/debian:10
docker.io/debian:9
Scan the list of images:
rfscan <path_to_image_list>
rfscan will fetch and scan each image in the list.
If you encounter issues, please try pulling the images before running rfscan:
$ docker pull docker.io/debian:11
$ rfscan <path_to_image_list>
When more than one image is scanned, rfscan generates unique SBOM and vulnerabilities reports in addition to the per-image SBOM and vulnerabilities reports. The unique reports aggregate all distinct packages and vulnerabilities found across the batch of images, so a package or CVE shared by several images appears there only once. For this tutorial, we expect the following reports:
- Scan Summary
- Per-Image SBOM Reports
- Per-Image Vulnerabilities Reports
- Estimates Report
- Unique SBOM Report
- Comparison SBOM Report
- Unique Vulnerabilities Report
- Images and Images Scanned Reports
Your scan summary report (scan_summary) may differ slightly from the example:
SCAN SUMMARY
-------------------------------------------------------------------------------
Total # of Images Scanned: 3
Total Attack Surface: 338.6 MB
Total # of Packages: 270
Total # of Vulnerabilities: 361
POC: 13
Critical: 33
High: 137
Medium: 146
Low: 42
Total # of Vulnerabilities with Patches: 8
-------------------------------------------------------------------------------
IMAGE DETAILS
-------------------------------------------------------------------------------
Image               Attack Surface  Hardened Estimate  Vulnerabilities  Hardened Estimate
docker.io/debian:9  100.6 MB        ~4.1 MB            192 (POC: 9)     ~31
docker.io/debian:10 114.1 MB        ~4.9 MB            109 (POC: 4)     ~18
docker.io/debian:11 123.9 MB        ~5.4 MB            60 (POC: 0)      ~10
-------------------------------------------------------------------------------
POC ATTACK RISK SUMMARY
--------------------------------------------------------------------------------
POC Published
Severity: Critical
No vulnerabilities found
Severity: High
CVE-2019-3844 docker.io/debian:10
CVE-2019-3843 docker.io/debian:10
CVE-2018-1000001 docker.io/debian:9
CVE-2017-18078 docker.io/debian:9
CVE-2019-3843 docker.io/debian:9
CVE-2019-3844 docker.io/debian:9
Rapid Risk Score >= 70.0%
Severity: Critical
CVE-2021-35942 docker.io/debian:10
CVE-2019-9893 docker.io/debian:10
CVE-2021-35942 docker.io/debian:9
Severity: High
CVE-2019-3844 docker.io/debian:10
CVE-2021-43396 docker.io/debian:11
CVE-2020-6096 docker.io/debian:10
CVE-2019-3843 docker.io/debian:10
CVE-2018-1000001 docker.io/debian:9
CVE-2017-18078 docker.io/debian:9
CVE-2021-39537 docker.io/debian:10
CVE-2019-3843 docker.io/debian:9
CVE-2020-6096 docker.io/debian:9
CVE-2021-39537 docker.io/debian:11
CVE-2021-39537 docker.io/debian:9
CVE-2019-3844 docker.io/debian:9
--------------------------------------------------------------------------------
You may also view the images and reports by visiting the RapidFort UI:
https://frontrow.rapidfort.com (SaaS)
https://<rapidfort_ip address> (On-Premises)
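The plain-text scan_summary written to ~/rapidfort/reports/<timestamp> is easy to turn into a pipeline gate. The following is an added example, not rfscan's own code: it parses the IMAGE DETAILS table and the POC Published list from the summary format shown in both tutorials above and reports the images whose count of vulnerabilities with a published proof of concept exceeds a threshold. It assumes the whitespace-separated row layout shown above; the embedded sample is a constructed, abbreviated copy of the three-image summary.

```python
# Added example, not rfscan's own code: parse the text of a scan_summary report.
import re
from dataclasses import dataclass, field

# IMAGE DETAILS row, e.g. "docker.io/debian:9 100.6 MB ~4.1 MB 192 (POC: 9) ~31"
IMAGE_ROW = re.compile(r"^(?P<image>\S+)\s+[\d.]+ \S+\s+~[\d.]+ \S+\s+(?P<vulns>\d+)"
                       r"\s+\(POC:\s*(?P<poc>\d+)\)\s+~(?P<hardened>\d+)$")
CVE_ROW = re.compile(r"^(?P<cve>CVE-\d{4}-\d+)\s+(?P<image>\S+)$")  # "CVE-2019-3843 mysql:latest"

@dataclass
class ImageResult:
    image: str
    vulns: int
    poc: int                # vulnerabilities with a published proof of concept
    hardened_estimate: int  # vulnerabilities rfscan expects to remain after hardening
    poc_published: list = field(default_factory=list)  # (severity, CVE) pairs

def parse_scan_summary(text: str) -> dict:
    """Return {image: ImageResult} for every image listed in a scan_summary report."""
    results, section, severity = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("IMAGE DETAILS", "POC Published") or line.startswith("Rapid Risk Score"):
            section = line
        elif line.startswith("Severity:"):
            severity = line.split(":", 1)[1].strip()
        elif section == "IMAGE DETAILS" and (m := IMAGE_ROW.match(line)):
            results[m["image"]] = ImageResult(m["image"], int(m["vulns"]), int(m["poc"]), int(m["hardened"]))
        elif section == "POC Published" and (m := CVE_ROW.match(line)) and m["image"] in results:
            # Only "POC Published" is collected; the "Rapid Risk Score" list repeats CVEs.
            results[m["image"]].poc_published.append((severity, m["cve"]))
    return results

def policy_violations(results: dict, max_poc: int = 0) -> dict:
    """Images whose POC count exceeds max_poc, mapped to the Critical/High CVEs named for them."""
    return {r.image: r.poc_published for r in results.values() if r.poc > max_poc}

# Constructed sample: an abbreviated copy of the three-image summary shown above.
SAMPLE = """IMAGE DETAILS
docker.io/debian:9 100.6 MB ~4.1 MB 192 (POC: 9) ~31
docker.io/debian:10 114.1 MB ~4.9 MB 109 (POC: 4) ~18
docker.io/debian:11 123.9 MB ~5.4 MB 60 (POC: 0) ~10
POC Published
Severity: High
CVE-2019-3844 docker.io/debian:10
CVE-2018-1000001 docker.io/debian:9
Rapid Risk Score >= 70.0%
CVE-2021-35942 docker.io/debian:10
"""
```

Feed the contents of a real scan_summary file to parse_scan_summary and fail the build when policy_violations returns a non-empty dict; raise max_poc if a stricter threshold than zero published-PoC findings is not yet practical for your images.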