Snyk for Docker
We scan Docker images by extracting the image layers and inspecting the package manager manifest info. We then compare every OS package installed in the image against our Docker vulnerability database.
To test an image, make sure it is pulled locally (i.e.
docker pull ubuntu:latest).
snyk test --docker ubuntu:latestto test the image for vulnerabilities.
snyk monitor --docker ubuntu:latestto create a snapshot of the image’s dependencies for continuous monitoring.