Integrated Docker Security Scanning by Snyk in Docker Hub

In our continuing quest to help developers create more secure containers, Snyk and Docker are pleased and excited to announce the release of our next phase of integration: Docker security scanning powered by Snyk directly in Docker Hub!

With this capability, teams can now securely collaborate in Docker Hub, with the full vulnerability details available as images are pushed. Now, individual users can create secure container images from their desktop, using the docker scan functionality locally to help select a secure base image and ensure any tools and libraries they add are safe.

Then when images are pushed to Docker Hub, teams will have security scan results available to ensure the shared images they’re using are safe. And if major issues are identified in Hub, the developer can make the appropriate updates on their desktop and push their updated image to back Hub.

Container image security as simple as docker push

The new image scanning integration runs a Snyk container vulnerability scan on images when they are pushed to your Docker Hub repository. There are no special steps required other than to turn on the feature on your repository and push an image. Turning on Docker security scanning is done with a single click of the “Enable” link, as shown in the image below:

When an image is scanned the vulnerability results are available directly in the Docker Hub interface. You get high-level vulnerability stats for each tag that has been scanned, and if you view the details of an individual tag you can see the specific findings for that image, sorted by severity, as shown here:

In the example above, you can find the high-level details of the vulnerability and whether there is a fix available directly from the vulnerability list. If you want to get more details on the security issue, you can select an individual vulnerability and see its dependency graph and you also have the ability to go to Snyk’s full vulnerability report for that particular issue.

End-to-end security for container developers

Being able to get vulnerability details on an individual’s desktop and in Docker Hub is a great step forward in creating secure containers. The Docker Hub view gives teams the confidence to use the images they are sharing and the integrated Docker security scanning in Docker Desktop helps developers find and fix issues before pushing to Hub and as new vulnerabilities are discovered.

Snyk can also secure the code you’re writing and running in containers and help you monitor containers as they’re running in Kubernetes and even ensure your Kubernetes configurations are secure as well.

Availability

• Docker Hub: Pro and Team users can turn on vulnerability scanning powered by Snyk in Docker Hub today!
• Snyk and Docker will be hosting a live demonstration event on Thursday, October 15 at 10 am PT / 1 pm ET / 7 pm BST. Register now to secure your seat!
• Docker Desktop: The Snyk-powered Docker Desktop scanning capabilities are available in the Edge channel now! If you missed our Desktop announcement webinar you can catch the replay and download our Docker CLI Cheat Sheet to get started.

Let us know what you think

The Docker and Snyk teams aren’t done! We have more work underway, but we want to hear from you. If you have feedback or feature requests for our scanning in Docker Hub or Docker Desktop, please comment in Docker’s public roadmap.