Snyk for Docker

What type of Docker images does Snyk support?

Snyk supports testing and monitoring Docker images that have their dependencies managed by Debian, RPM or APK. Docker scanning is available via the Snyk CLI.

Docker scanning is available to our Enterprise customers. See Plans to learn more.

Testing Docker images

We scan Docker images by extracting the image layers and inspecting the package manager manifest info. We then compare every OS package installed in the image against our Docker vulnerability database.

To test an image, first make sure it has been pulled locally (e.g. docker pull ubuntu:latest).

  • Run snyk test --docker ubuntu:latest to test the image for vulnerabilities.
  • Run snyk monitor --docker ubuntu:latest to create a snapshot of the image’s dependencies for continuous monitoring.
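The manifest comparison described under "Testing Docker images", sketched for the Debian case only as an added example (not Snyk's code): it parses a dpkg status manifest and flags installed packages older than an advisory's fixed version. The sample manifest, the advisory IDs and all function names are constructed for illustration.

```python
import re
from itertools import zip_longest

# Constructed sample of a Debian-based image's /var/lib/dpkg/status manifest.
SAMPLE_STATUS = """\
Package: openssl
Status: install ok installed
Version: 1.1.1f-1ubuntu2

Package: zlib1g
Status: install ok installed
Version: 1:1.2.11.dfsg-2ubuntu1

Package: oldpkg
Status: deinstall ok config-files
Version: 0.9-1
"""
# Constructed advisories with placeholder IDs: package -> [(id, first fixed version)].
ADVISORIES = {"openssl": [("EXAMPLE-0001", "1.1.1f-1ubuntu2.1")],
              "zlib1g": [("EXAMPLE-0002", "1:1.2.11.dfsg-2ubuntu1")]}
VER = re.compile(r"(?:(\d+):)?(.*?)(?:-([^-]*))?$")  # [epoch:]upstream[-revision]

def installed_packages(status_text):  # name -> version, fully installed stanzas only
    stanzas = (dict(l.split(": ", 1) for l in s.splitlines() if ": " in l)
               for s in status_text.strip().split("\n\n"))
    return {f["Package"]: f["Version"] for f in stanzas
            if f.get("Status", "").endswith(" installed")}

def _order(c):  # dpkg ordering: '~' < end of string (0) < letters < other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare as alternating non-digit and digit runs
    while a or b:
        (na, da, a), (nb, db, b) = [re.match(r"(\D*)(\d*)(.*)", s).groups() for s in (a, b)]
        pairs = list(zip_longest(map(_order, na), map(_order, nb), fillvalue=0))
        ka, kb = ([x for x, _ in pairs], int(da or 0)), ([y for _, y in pairs], int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(a, b):  # <0, 0, >0 by Debian ordering: epoch, then upstream, then revision
    (ea, ua, ra), (eb, ub, rb) = [VER.match(v).groups(default="") for v in (a, b)]
    return int(ea or 0) - int(eb or 0) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def find_vulnerable(status_text, advisories):  # (package, installed, advisory, fixed)
    return [(n, v, aid, fixed)
            for n, v in sorted(installed_packages(status_text).items())
            for aid, fixed in advisories.get(n, []) if deb_cmp(v, fixed) < 0]
```

Version ordering is the part that a plain string comparison gets wrong: epochs, tildes and multi-digit components all change the result, which is why the comparison follows dpkg's rules.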