Dockle — Container Security Diagnosis

Maciej
2 min read · Dec 7, 2020

Introduction

In this post I would like to show Dockle, a container image security diagnostic tool. You can use it to check an image for particularly dangerous items, and also to check that the image was built according to best practice, based on the command history saved in the image.

How to use it?

After installation, all you have to do is specify the image name. You don't need to prepare anything else; you don't even need Docker.

  • Installation on macOS (Homebrew)
$ brew install goodwithtech/r/dockle
  • Installation on Linux (the snippet reads the latest release tag from the GitHub API and installs the matching package; package installation needs root, hence sudo)
# RHEL / CentOS
$ VERSION=$(
curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/' \
) && sudo rpm -ivh https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.rpm
# Ubuntu / Debian
$ VERSION=$(
curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/' \
) && curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb
$ sudo dpkg -i dockle.deb && rm dockle.deb

If you decide to use Docker, Dockle also has an official image on Docker Hub, and the project documentation describes how to run the scanner from that image.

Example

The execution result looks as follows. If a check finds no problem, PASS is displayed for it.

[Screenshot in the original post: basic run]

[Screenshot in the original post: running with Docker]

Features that Dockle offers

  • Detects vulnerabilities inside the container image
  • Helps you build a best-practice Dockerfile
  • Simple usage: you only need to specify the image name
  • Supports CIS Benchmarks
  • Suitable for CI: Travis CI, CircleCI, Jenkins, Azure DevOps

Comparison with other tools

There are similar tools we can use for security diagnosis, for example Docker Bench and Hadolint. The CIS benchmark items that each of these tools can check are listed below; Dockle covers the widest range.

Below is a comparison of the three tools (Dockle, Docker Bench and Hadolint):

[The comparison table was an image in the original post.]

Using Dockle in DevSecOps

Dockle was designed as a tool that can easily be used with CI, so it can be dropped into an existing pipeline as a security gate and used to build a DevSecOps workflow with little effort. The project documentation includes examples of how to set it up with several CI/CD systems.
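As an added example for both the basic run shown earlier and the CI/CD use described in this section (this is not code from the original post or from the Dockle project), here is a small CI gate script. It runs Dockle with JSON output, prints the summary, and fails the job when findings at or above a chosen level remain after applying an ignore list written in the same one-code-per-line form as a `.dockleignore` file. It assumes `dockle` is on `PATH` and that `dockle -f json` emits a report with a `summary` object and a `details` list whose entries carry `code`, `title`, `level` and `alerts`; `SAMPLE_REPORT` is a constructed report in that shape (the checkpoint codes and titles are real Dockle IDs, the alert strings are made up), and the script name `dockle_gate.py` is mine.

```python
"""dockle_gate.py: run Dockle in CI and fail the job on findings.

Added example, not part of the Dockle project. It assumes `dockle` is on PATH
and that `dockle -f json` emits {"summary": {...}, "details": [...]} where each
detail has "code", "title", "level" and "alerts".
"""
import argparse
import json
import subprocess
import sys

# Dockle reports each checkpoint at one of these levels (plus SKIP and PASS).
LEVEL_RANK = {"INFO": 1, "WARN": 2, "FATAL": 3}

# Constructed sample report in the assumed JSON shape. The checkpoint codes and
# titles are real Dockle IDs; the alert strings are made up for this example.
SAMPLE_REPORT = {
    "summary": {"fatal": 1, "warn": 2, "info": 1, "skip": 0, "pass": 12},
    "details": [
        {"code": "CIS-DI-0010",
         "title": "Do not store credential in environment variables/files",
         "level": "FATAL",
         "alerts": ["Suspicious ENV key found : AWS_SECRET_ACCESS_KEY"]},
        {"code": "CIS-DI-0001", "title": "Create a user for the container",
         "level": "WARN", "alerts": ["Last user should not be root"]},
        {"code": "CIS-DI-0006",
         "title": "Add HEALTHCHECK instruction to the container image",
         "level": "WARN", "alerts": ["not found HEALTHCHECK statement"]},
        {"code": "DKL-DI-0006", "title": "Avoid latest tag",
         "level": "INFO", "alerts": ["Avoid 'latest' tag"]},
    ],
}


def parse_ignore(text):
    """Parse a .dockleignore-style list: one checkpoint code per line, '#' comments."""
    codes = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            codes.add(line)
    return codes


def failing_findings(report, fail_level="WARN", ignore=frozenset()):
    """Return findings at or above fail_level whose code is not on the ignore list.

    Order is preserved so the output matches the order Dockle reported.
    """
    threshold = LEVEL_RANK[fail_level.upper()]
    return [
        d for d in report.get("details", [])
        if LEVEL_RANK.get(str(d.get("level", "")).upper(), 0) >= threshold
        and d.get("code") not in ignore
    ]


def run_dockle(image, extra_args=()):
    """Run `dockle -f json` on an image and return the parsed report.

    --exit-code 0 keeps Dockle itself from failing on findings; this script
    makes that decision. A non-zero exit therefore means the scan itself failed
    (image not found, registry error, ...), which must also fail the job.
    """
    cmd = ["dockle", "--format", "json", "--exit-code", "0", *extra_args, image]
    proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"dockle failed ({proc.returncode}): {proc.stderr.strip()}")
    return json.loads(proc.stdout)


def main(argv=None):
    ap = argparse.ArgumentParser(description="Fail CI on Dockle findings")
    ap.add_argument("image", help="image reference, e.g. myapp:1.2.3")
    ap.add_argument("--fail-level", default="WARN", choices=sorted(LEVEL_RANK))
    ap.add_argument("--ignore-file", help=".dockleignore-style file of accepted codes")
    args = ap.parse_args(argv)

    ignore = set()
    if args.ignore_file:
        with open(args.ignore_file, encoding="utf-8") as fh:
            ignore = parse_ignore(fh.read())

    report = run_dockle(args.image)
    s = report.get("summary", {})
    print(f"fatal={s.get('fatal', 0)} warn={s.get('warn', 0)} "
          f"info={s.get('info', 0)} pass={s.get('pass', 0)}")
    bad = failing_findings(report, args.fail_level, ignore)
    for d in bad:
        print(f"{d['level']:<5} {d['code']} {d['title']}")
        for alert in d.get("alerts", []):
            print(f"      - {alert}")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main())
```

In a pipeline step this is just `python dockle_gate.py myapp:1.2.3 --fail-level WARN --ignore-file .dockleignore`; the non-zero exit fails the stage in Jenkins, CircleCI or Travis. Dockle's own `--exit-code 1 --exit-level warn` gives the same pass/fail result without a script; the wrapper's value is that accepted findings live in a reviewed file in the repository and the failing codes are printed in the job log.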

Maciej

DevOps Consultant. I’m strongly focused on automation, security, and reliability.