Snyk Documentation

Container security overview

The Snyk Container Vulnerability Management solution enables developers to test, fix and monitor open source vulnerabilities in their images. Scanning and analyzing your Linux-based container project for known vulnerabilities is an important step in securing your environment by helping you identify and mitigate security vulnerabilities.

To help secure your container, Snyk scans the base image for its dependencies:

  • The operating system (OS) packages installed and managed by the package manager
  • Key binaries—layers that were not installed through the package manager

Based on the scan results, Snyk offers remediation advice and guidance by indicating the:

  • Origins of the vulnerabilities in your OS packages and key binaries
  • Base image upgrade details or a recommendation to rebuild the image
  • Dockerfile layer in which the affected package was introduced
  • Fixed-in version of the operating system and key binary packages

Docker scanning (testing) and monitoring is available via the Snyk CLI and also from the Snyk UI. Developers can run 100 tests per month on our free tier plan, and unlimited tests with our other plans.

In addition, Snyk now integrates with Docker Hub, which is available for all of our pricing plans including our free tier offer. Additional integrations will be developed soon.

See Plans to learn more.