Security Scanning
Shipa scans images and containers as applications are deployed, performing static analysis for vulnerabilities at the code and container image levels.
Shipa's security capabilities are structured in the following manner:
- In regular intervals, Shipa ingests vulnerability metadata from a configured set of sources and stores it in its internal database.
- Containers are indexed by their images, creating a list of features present in each image and storing it in the database.
- Shipa queries its database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
- When updates to vulnerability metadata occur, a notification is sent to alert systems that a change has occurred.
- At a pre-set interval, Shipa scrubs container images and indexes. Shipa can send out alerts, reports, or block deployments to Shipa environments if any vulnerabilities are matched to identified software packages in the images.
Through automatic detection of vulnerabilities, Shipa increases awareness of security best practices across developer and operations teams and encourages action to patch and address the vulnerabilities. When new vulnerabilities are announced, Clair knows right away, without rescanning, which existing layers are vulnerable, and notifications are sent.
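The index-once, correlate-per-request model described above, as an added example (not Shipa's or Clair's code). The class and function names, image names and advisory IDs are hypothetical and constructed, and version comparison is simplified to dotted numeric versions.

```python
"""Toy model of index-once, correlate-per-query scanning. All data is constructed."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Advisory:
    vuln_id: str    # placeholder ID, not a real CVE
    package: str
    fixed_in: tuple # first fixed version, e.g. (1, 1, 2)
    severity: str

def parse_version(text):
    """Simplified: dotted numeric versions only (real distro versions are richer)."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class ScannerDB:
    features: dict = field(default_factory=dict)    # image -> {package: version}
    advisories: list = field(default_factory=list)

    def index_image(self, image, packages):
        """One-time indexing: record the packages (features) found in an image."""
        self.features[image] = {n: parse_version(v) for n, v in packages.items()}

    def ingest(self, advisory):
        """Metadata update: return the already-indexed images it newly affects."""
        self.advisories.append(advisory)
        return sorted(i for i in self.features if advisory in self.query(i))

    def query(self, image):
        """Correlate stored features with advisories at request time, no rescan."""
        pkgs = self.features[image]
        return [a for a in self.advisories
                if a.package in pkgs and pkgs[a.package] < a.fixed_in]

    def deploy_allowed(self, image, block_on=("high", "critical")):
        """Policy gate: refuse deployment if a blocking-severity match exists."""
        return not any(a.severity in block_on for a in self.query(image))

def demo():
    db = ScannerDB()
    db.index_image("registry.example/web:1.0", {"openssl": "1.1.1", "zlib": "1.2.11"})
    db.index_image("registry.example/api:2.3", {"openssl": "3.0.8"})
    before = db.deploy_allowed("registry.example/web:1.0")
    notified = db.ingest(Advisory("EXAMPLE-0001", "openssl", (1, 1, 2), "high"))
    after = db.deploy_allowed("registry.example/web:1.0")
    return before, notified, after

if __name__ == "__main__":
    print(demo())
```

The image that was deployable before the advisory arrived is flagged and blocked afterwards, using only the stored feature list.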
Scanning Applications
To scan a specific application image for vulnerabilities, use the app security scan command.
shipa app security scan [-a/--app appname] [--config/-c configfile]
Flags:
Flag | Description |
---|---|
-a, --app | The name of the application |
-c, --config | Configuration file (not required) |
Listing Application Scans
To list all security scans for a specific application, use the app security list command.
shipa app security list [-a/--app appname]
Flags:
Flag | Description |
---|---|
-a, --app | The name of the application |
Application Security Report
To create a report of a security scan for a particular application, use the app security report command.
shipa app security report [-a/--app app-name]
Flags:
Flag | Description |
---|---|
-a, --app | The name of the application |
-i | Scan index |
Scanning Images
To scan a specific image for vulnerabilities, use the image security scan command.
shipa image security scan imagename [--config/-c configname]
Flags:
Flag | Description |
---|---|
-c, --config | Configuration file (not required) |
Listing Image Scans
To list all security scans for a specific image, use the image security list command.
shipa image security list imagename
Image Security Report
To create a security scan report, use the image security report command.
shipa image security report imagename -i scanIndex
Flag:
Flag | Description |
---|---|
-i | Scan index |