Scan your container images for package vulnerabilities with Aqua Security
Aqua MicroScanner is deprecated as of 1 Apr. 2021. Our recommendation is to replace MicroScanner with Trivy, Aqua’s market-leading open source vulnerability scanner, which is maintained by Aqua’s Open Source Engineering team and the community.
This video explains more about replacing MicroScanner with Trivy.
Hi Guys,
This is a feature request I would like to request for.
Currently we use microscanner in our Bamboo pipelines to scan the images and to promote the same to different environments, however the --html doesn't create an html file rather writes to stdout together with docker build outputs which is a bit mess to read or write to file, I would like to have the --out results.html argument with which we would like to export html file as an artifact so that we can refer anytime with tags and scan results.
As described here libtasn1-6 4.13-3 in buster is vulnerable
Install fixed version from bullseye as below
RUN /bin/echo -e 'deb http://deb.debian.org/debian bullseye main\ndeb http://deb.debian.org/debian bullseye-updates main' >> /etc/apt/sources.list && \
apt update && \
apt install libtasn1-6 && \
sed -i -e '/bullseye/d' /etc/apt/sources.list && \
apt updateMicroscanner lists the newer fixed version in the report, but still marks it as vulnerable
It would be amazing if you all could include a versioned release of microscanner binary so we can see if we have latest in caches. Also can we get a downloadable shasum to check the binary against? I think the only reference for sha checks is in the README.md.
I know that commercial version have Windows support but it would be very useful to have microscanner which can be used with Windows containers too.
Any change to get it?
Hi,
After receiving the token. I tested microscanner based on the instructions i received in the email.
For example, I added the following snippet to my Dockerfile:
FROM alpine
RUN apk add --no-cache ca-certificates && update-ca-certificates
ADD https://get.aquasec.com/microscanner .
RUN chmod +x microscanner
RUN ./microscanner <my-token>
However when i run the dockerfile, I get the following error
ERROR: failed fetching server information: request failed: Get https://microscanner.aquasec.com/api: net/http: TLS handshake timeout
My Configuration:
Ubuntu 16.04.6 LTS
Docker version 18.09.7, build 2d0083d
Thanks.
Hi,
First of all, I like this tool very much: simple, fast and it does what it needs to be doing.
The following oneliner will install, run and cleanup everything in the same layer of a Docker build, so that it will not add any storage size to the final image.
RUN apk add --no-cache ca-certificates && update-ca-certificates && \
wget -O /microscanner https://get.aquasec.com/microscanner && \
chmod +x /microscanner && \
/microscanner <token> && \
rm -rf /microscanner
Hi,
I tried both requesting the token from the website and running the docker per instruction but wasn't able to get the token after waiting more than 12 hours.
Is the token still open for register?
We have some client environment where we use internal mirrors. Is there any plan to support them?
I was trying to test a very minimal alpine image. I forgot to install apk-tools so there was no package manager available. The build still passed. I expected such a fatal error to return a non zero exit code so the build would break.
My docker image is built from scratch using a script, so I don't have a nice Dockerfile to share. It was built using build.sh in my repo.
The Dockerfile for microscanner looks like this:
FROM skwashd/alpine:3.8
USER root
RUN wget https://get.aquasec.com/microscanner -O /home/worker/microscanner \
&& chmod +x /home/worker/microscanner \
&& /home/worker/microscanner [token]$ docker build .
Sending build context to Docker daemon 14.85kB
Step 1/3 : FROM skwashd/alpine:3.8
---> 0986bf92ea60
Step 2/3 : USER root
---> Running in 8bfc48aaff8b
Removing intermediate container 8bfc48aaff8b
---> cbd5ed52c503
Step 3/3 : RUN wget https://get.aquasec.com/microscanner -O /home/worker/microscanner && chmod +x /home/worker/microscanner && /home/worker/microscanner OGU5YjUxNDc3OTVm
---> Running in 80445044bf2d
Connecting to get.aquasec.com (13.35.99.62:443)
microscanner 0% | | 15k 0:29:23 ETA
microscanner 3% | | 847k 0:01:00 ETA
microscanner 17% |***** | 4678k 0:00:13 ETA
microscanner 35% |*********** | 9445k 0:00:07 ETA
microscanner 53% |**************** | 14207k 0:00:04 ETA
microscanner 71% |********************** | 18849k 0:00:02 ETA
microscanner 87% |*************************** | 23112k 0:00:01 ETA
microscanner 100% |*******************************| 26465k 0:00:00 ETA
2018-07-22 06:33:20.777 INFO Contacting CyberCenter... {"registry": "", "image": ""}
2018-07-22 06:33:22.475 INFO CyberCenter connection established {"registry": "", "image": "", "api_version": "4"}
2018-07-22 06:33:23.058 INFO Processing results... {"registry": "", "image": ""}
2018-07-22 06:33:23.058 INFO Applying image assurance policies... {"registry": "", "image": ""}
WARNING: scanning not supported for some part of this image
{
"scan_started": {
"seconds": 1532241200,
"nanos": 638300700
},
"scan_duration": 3,
"digest": "23d57642e0528103c547ee32117a9c1181f0f4f4a20abade4623085ced7d682d",
"metadata": {
"container_config": {},
"config": {}
},
"os": "alpine",
"version": "3.8.0",
"image_assurance_results": {
"checks_performed": [
{
"policy_id": 1,
"policy_name": "Default",
"control": "max_severity",
"maximum_severity_allowed": "high"
}
]
},
"vulnerability_summary": {},
"scan_options": {},
"partial_results": true,
"initiating_user": "token",
"warnings": [
{
"subject": "Packages",
"message": "failed finding alpine packages"
}
],
"data_date": 1532158513
}
Removing intermediate container 80445044bf2d
---> 22abf06faf1f
Successfully built 22abf06faf1f
I'm tried multiple emails, never get a token to try using this....
This error repeatedly, randomly reappears, despite the token known to be good.
See: https://circleci.com/gh/greenpeace/planet4-docker/3313
Is this a known issue that has a timeline to be fixed?
Are these recurrent downtimes due to upgrades of the service or some other failure?
The token is not generating after registering.
I have an OpenShift 4.3 environment, and I am using BuildConfig and the following Dockerfile:
FROM node:latest
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY package.json /usr/src/app
RUN npm install
COPY server.js /usr/src/app
ARG acquaToken
ADD https://get.aquasec.com/microscanner .
RUN chmod +x microscanner
RUN ./microscanner $acquaToken
EXPOSE 8080
CMD ["npm", "start"]
However, the build is failing with the following error:
node-build-config-6-build docker-build STEP 12: RUN ./microscanner $acquaToken
node-build-config-6-build docker-build 2020-05-23 19:10:27.181 INFO Contacting CyberCenter... {"registry": "", "image": ""}
node-build-config-6-build docker-build 2020-05-23 19:10:27.705 INFO CyberCenter connection established {"registry": "", "image": "", "api_version": "4"}
node-build-config-6-build docker-build 2020-05-23 19:10:30.300 INFO Processing results... {"registry": "", "image": ""}
node-build-config-6-build docker-build
node-build-config-6-build docker-build ERROR: scan failed: CyberCenter returned error: failed scanning: failed reading error response: failed decompressing response: snappy: corrupt input
Any idea on what I can do to fix this error?
We should be able to remove some imports so that the binary is less enormous.
I saw that the microscanner has support for OS level packages. Does it also have support for application level packages. For example flask is a package for pypi ecosystem. So does it scan for this as well, or is there a future possibility to do the same.
I performed a microscanner scan against one of my repository image. I notice that the MicroScanner report is differ from the report that I have registered inside the Aqua console.
I have 2 set of scan report (1 set directly from the MicroScanner output and 1 set generate from rest API). These 2 sets of report does not have any critical vulnerability, the report detected total of 5 high severity vulnerabilities.
However, once this report has been uploaded into Aqua console, the Aqua console has moved one of the high severity vulnerability into "critical" and 4 high severity vulnerabilities.
Somehow one of high vulnerability has been upgraded to "critical" inside Aqua console.
Hi,
We are using aquasecurity/microscanner to scan our docker image with the below code on our circleci job.
Our image is passing, but the "microscanner/scan-image" build fails with the below error.
/bin/bash: line 5: $MICROSCANNER_OPTIONS: ambiguous redirect
Exited with code 1
Any idea, why it fails with the above error.
Thanks,
Nagarajan
When scanning a container that is based on the official Cassandra:2.2.14 image, Microscanner incorrectly identifies two CVEs that do not apply to this version, see https://gist.github.com/elsmorian/79e0148c2508b1be7d1ddb4b83f0385e for Microscanner output.
I'm testing MicroScanner by building from the following Dockerfile:
FROM ubuntu
RUN apt-get update && apt-get install -y nginx ca-certificates
ADD https://get.aquasec.com/microscanner /
RUN chmod +x /microscanner
RUN /microscanner <TOKEN OMITTED>
This produces a report that starts by confirming that it runs Ubuntu 18.04:
{
"scan_started": {
"seconds": 1553870836,
"nanos": 325250548
},
"scan_duration": 1,
"digest": "9ca10b67c8e2c94be37d79662e41690ad49e5457c2531e5e7bf7641814879bf3",
"os": "ubuntu",
"version": "18.04",
...
It correctly lists vulnerabilities like CVE-2016-2781 that have indeed not been patched yet, but it also mentions vulnerabilities like CVE-2016-3189 that have been patched a long time ago.
It doesn't seem to count these vulnerabilities in the summary at the end, but it lists them anyway. This is confusing and forces me to check each vendor page manually to see which vulnerability is relevant and which isn't. Why are these irrelevant ones listed at all?
Certificate for get.aquasec.com is expired
Following
https://blog.aquasec.com/microscanner-free-image-vulnerability-scanner-for-developers
Vulnerable image successfully builds.
$ docker build --build-arg=token=xxx --no-cache .
},
"vulnerability_summary": {
"total": 28,
"high": 8,
"medium": 12,
"low": 8,
"negligible": 28,
"sensitive": 0,
"malware": 0,
"score_average": 4.6607146,
"max_score": 10,
"max_fixable_score": 10,
"max_fixable_severity": "high"
},
"scan_options": {},
"initiating_user": "token",
"data_date": 1541291317
}
The command '/bin/sh -c /microscanner ${token}' returned a non-zero code: 4
The image builds:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> f4a69a796f74 26 seconds ago 378MB
$ docker inspect f4a69a79
...
Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GPG_KEYS=xxx"
"MONGO_MAJOR=3.2",
"MONGO_VERSION=3.2.1"
],
"Cmd": [
"mongod"
],
I was signed up ready, but I don't receive an email with the token.
I clicked on Signup
Thank you.
The libxtst vulnerability is mistakenly detected as a libxt vulnerability.
{
"resource": {
"format": "apk",
"name": "libxt",
"version": "1.2.0-r0",
"arch": "x86_64",
"cpe": "pkg:/alpine:3.12.0:libxt:1.2.0-r0",
"license": "custom",
"name_hash": "f885026e0a7c2b558706ab9971d3ab56"
},
"scanned": true,
"vulnerabilities": [
{
"name": "CVE-2013-2063",
"description": "Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.",
"nvd_score": 6.8,
"nvd_score_version": "CVSS v2",
"nvd_vectors": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"nvd_severity": "medium",
"nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2063",
"vendor_score": 6.8,
"vendor_score_version": "CVSS v2",
"vendor_vectors": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"vendor_severity": "medium",
"publish_date": "2013-06-15",
"modification_date": "2013-11-25"
},
{
"name": "CVE-2016-7951",
"description": "Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.",
"nvd_score": 7.5,
"nvd_score_version": "CVSS v2",
"nvd_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"nvd_severity": "high",
"nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7951",
"vendor_score": 7.5,
"vendor_score_version": "CVSS v2",
"vendor_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"vendor_severity": "high",
"publish_date": "2016-12-13",
"modification_date": "2020-08-27",
"nvd_score_v3": 9.8,
"nvd_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"nvd_severity_v3": "critical",
"vendor_score_v3": 9.8,
"vendor_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vendor_severity_v3": "critical"
}
}
At present, the Aqua Security edition comparison in the README contains incorrect info - as advised by Aqua Support, the Aqua Pay Per Scan option does not have CI/CD integration (using the extensions that rely on the registry.aquasec.com/scanner image) - this should be updated to avoid confusion.
I registered for tokens yesterday and today with different emails both on the command line and on the site, but no mail received. Can you help about that?
Hi,
I'm trying to register for a token with gmail, but cannot succeed. I tried both way that mentioned at https://github.com/aquasecurity/microscanner#registering-for-a-token
Can anyone help me please
Dockerfile:
FROM golang:1.12
ARG TOKEN
USER root
WORKDIR /opt/app
RUN apt list | grep libtasn
RUN wget http://mirrors.kernel.org/ubuntu/pool/main/libt/libtasn1-6/libtasn1-6_4.16.0-2_amd64.deb
RUN apt install -y ./libtasn1-6_4.16.0-2_amd64.deb
RUN apt list | grep libtasn
RUN wget -O /microscanner https://get.aquasec.com/microscanner
RUN chmod +x /microscanner
RUN /microscanner **** --html --continue-on-failure > /tmp/result.html
RUN rm -rf /microscanner
CMD [bash]
Output snippet shows the version before and after the package has been updated:
libtasn1-6/now 4.13-3 amd64 [installed,local]
Removing intermediate container 507ef817358c
---> 8af27a96c078
Step 6/13 : RUN wget http://mirrors.kernel.org/ubuntu/pool/main/libt/libtasn1-6/libtasn1-6_4.16.0-2_amd64.deb
---> Running in ab639ae9bbcb
[91m--2020-03-03 19:32:31-- http://mirrors.kernel.org/ubuntu/pool/main/libt/libtasn1-6/libtasn1-6_4.16.0-2_amd64.deb
Resolving mirrors.kernel.org (mirrors.kernel.org)... �[0m�[91m149.20.37.36, 2001:4f8:4:6f:0:1994:3:14
Connecting to mirrors.kernel.org (mirrors.kernel.org)|149.20.37.36|:80... �[0m�[91mconnected.
HTTP request sent, awaiting response... �[0m�[91m301 Moved Permanently
Location: http://mirrors.edge.kernel.org/ubuntu/pool/main/libt/libtasn1-6/libtasn1-6_4.16.0-2_amd64.deb [following]
�[0m�[91m--2020-03-03 19:32:36-- http://mirrors.edge.kernel.org/ubuntu/pool/main/libt/libtasn1-6/libtasn1-6_4.16.0-2_amd64.deb
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... �[0m�[91m147.75.197.195, 2604:1380:1:3600::1
Connecting to mirrors.edge.kernel.org (mirrors.edge.kernel.org)|147.75.197.195|:80... �[0m�[91mconnected.
HTTP request sent, awaiting response... �[0m�[91m200 OK
Length: 38088 (37K) [application/octet-stream]
�[0m�[91mSaving to: 'libtasn1-6_4.16.0-2_amd64.deb'
0K .......... .�[0m�[91m......... .......... .....�[0m�[91m.. 100% 832K=0.04s
�[0m�[91m2020-03-03 19:32:36 (832 KB/s) - 'libtasn1-6_4.16.0-2_amd64.deb' saved [38088/38088]
�[0mRemoving intermediate container ab639ae9bbcb
---> 2dcb5aa357b7
Step 7/13 : RUN apt install -y ./libtasn1-6_4.16.0-2_amd64.deb
---> Running in 783beaa9bf04
�[91m
WARNING: apt�[0m�[91m does not have a stable CLI interface. �[0m�[91mUse with caution in scripts.
�[0m�[91m
�[0mReading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
libtasn1-6
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/38.1 kB of archives.
After this operation, 13.3 kB of additional disk space will be used.
Get:1 /opt/app/libtasn1-6_4.16.0-2_amd64.deb libtasn1-6 amd64 4.16.0-2 [38.1 kB]
�[91mdebconf: delaying package configuration, since apt-utils is not installed
�[0m(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 15401 files and directories currently installed.)
Preparing to unpack .../libtasn1-6_4.16.0-2_amd64.deb ...
Unpacking libtasn1-6:amd64 (4.16.0-2) over (4.13-3) ...
Setting up libtasn1-6:amd64 (4.16.0-2) ...
Processing triggers for libc-bin (2.28-10) ...
Removing intermediate container 783beaa9bf04
---> d7b355b0eb32
Step 8/13 : RUN apt list | grep libtasn
---> Running in a42999973a48
�[91m
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
[0mlibtasn1-6/now 4.16.0-2 amd64 [installed,local]
Removing intermediate container a42999973a48
As you can see version libtasn1-6 4.16.0-2 is now installed.
However, the scan report detects this:
If microscanner is in a Dockerfile, the build should fail if the scan fails to run. Presumably it's returning zero in the case, as here, where the token wasn't passed in.
vagrant@vagrant:/microscanner$ docker build -f Dockerfile.fail .
Sending build context to Docker daemon 38.19MB
Step 1/7 : FROM alpine:3.4
...
Step 6/7 : RUN /microscanner ${token}
---> Running in 4d7f576ceb3b
___ ____ __ ____ ____
/ _ |___ ___ _____ _/ __/__ ____ / |/ (_)__________ / __/______ ____ ___ ___ ____
/ __ / _ `/ // / _ `/\ \/ -_) __/ / /|_/ / / __/ __/ _ \_\ \/ __/ _ `/ _ \/ _ \/ -_) __/
/_/ |_\_, /\_,_/\_,_/___/\__/\__/ /_/ /_/_/\__/_/ \___/___/\__/\_,_/_//_/_//_/\__/_/
/_/
Aqua Security MicroScanner, version 3.2.0.5
Community Edition
Usage: docker run --rm -it aquasec/microscanner <token>
or: docker run --rm -it aquasec/microscanner register <email>
Flags:
-c, --continue-on-failure return with exit code 0 even if high-severity vulnerabilities are found
-h, --help help for microscanner
-H, --html provide output in HTML format
-n, --no-verify Do not verify TLS certificates
-d, --root string start scanning from a different root directory
--version version for microscanner
ERROR: accepts 1 arg(s), received 0
Removing intermediate container 4d7f576ceb3b
---> c256188fd058
Step 7/7 : RUN echo "No vulnerabilities!"
---> Running in 6c37ffa9a8e4
No vulnerabilities!
Removing intermediate container 6c37ffa9a8e4
---> 9d7450aadb86
Successfully built 9d7450aadb86
From Dockerfile:
FROM alpine:3.4
RUN apk add --update openssl ca-certificates
COPY microscanner /microscanner
RUN chmod +x /microscanner
ARG token
RUN /microscanner ${token}
RUN echo "No vulnerabilities!"
Hit the issue by building without passing in the token: docker build -f .
It would be handy to have a more human-readable output of the microscanner as an option - something similar to https://pyup.io/safety/ where it tabulates information (and maybe a separate option to only show issues and not packages where ok?)
Following is my Dockerfile :
FROM ubuntu:latest
RUN apt-get update && apt-get -y install ca-certificates
ADD https://get.aquasec.com/microscanner /
RUN chmod +x /microscanner
RUN /microscanner <token>
This is how i build my image
sudo docker build .
This is the results I got
Sending build context to Docker daemon 185.9kB
Step 1/5 : FROM ubuntu:latest
---> 7698f282e524
Step 2/5 : RUN apt-get update && apt-get -y install ca-certificates
---> Running in 58a45ebd53b6
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [5436 B]
Get:5 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [4168 B]
Get:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:7 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [494 kB]
Get:8 http://archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [186 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [11.3 MB]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [326 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages [1344 kB]
Get:12 http://archive.ubuntu.com/ubuntu bionic/restricted amd64 Packages [13.5 kB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [10.8 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [837 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1213 kB]
Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [7236 B]
Get:17 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [3902 B]
Get:18 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [2496 B]
Fetched 16.3 MB in 60s (273 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
libssl1.1 openssl
The following NEW packages will be installed:
ca-certificates libssl1.1 openssl
0 upgraded, 3 newly installed, 0 to remove and 9 not upgraded.
Need to get 2060 kB of archives.
After this operation, 5662 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libssl1.1 amd64 1.1.1-1ubuntu2.1~18.04.1 [1295 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 openssl amd64 1.1.1-1ubuntu2.1~18.04.1 [614 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic/main amd64 ca-certificates all 20180409 [151 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 2060 kB in 7s (280 kB/s)
Selecting previously unselected package libssl1.1:amd64.
(Reading database ... 4040 files and directories currently installed.)
Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.1_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.1) ...
Selecting previously unselected package openssl.
Preparing to unpack .../openssl_1.1.1-1ubuntu2.1~18.04.1_amd64.deb ...
Unpacking openssl (1.1.1-1ubuntu2.1~18.04.1) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../ca-certificates_20180409_all.deb ...
Unpacking ca-certificates (20180409) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.1) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.26.1 /usr/local/share/perl/5.26.1 /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.26 /usr/share/perl/5.26 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up openssl (1.1.1-1ubuntu2.1~18.04.1) ...
Setting up ca-certificates (20180409) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.26.1 /usr/local/share/perl/5.26.1 /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.26 /usr/share/perl/5.26 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Updating certificates in /etc/ssl/certs...
133 added, 0 removed; done.
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Removing intermediate container 58a45ebd53b6
---> 95b0a29eb828
Step 3/5 : ADD https://get.aquasec.com/microscanner /
Downloading 31.79MB/31.79MB
---> 40e1c321a6fd
Step 4/5 : RUN chmod +x /microscanner
---> Running in 3fcf0e99fb4a
Removing intermediate container 3fcf0e99fb4a
---> a4fd5da9088c
Step 5/5 : RUN /microscanner <token> [--continue-on-failure]
---> Running in 063cf33b92df
___ ____ __ ____ ____
/ _ |___ ___ _____ _/ __/__ ____ / |/ (_)__________ / __/______ ____ ___ ___ ____
/ __ / _ `/ // / _ `/\ \/ -_) __/ / /|_/ / / __/ __/ _ \_\ \/ __/ _ `/ _ \/ _ \/ -_) __/
/_/ |_\_, /\_,_/\_,_/___/\__/\__/ /_/ /_/_/\__/_/ \___/___/\__/\_,_/_//_/_//_/\__/_/
/_/
Aqua Security MicroScanner, version 3.5.0
Community Edition
Usage: docker run --rm -it aquasec/microscanner <token>
or: docker run --rm -it aquasec/microscanner register <email>
Flags:
-c, --continue-on-failure return with exit code 0 even if high-severity vulnerabilities are found
--full-output Show full scanner output (including non-vulnerable files and image metadata)
-h, --help help for microscanner
-H, --html provide output in HTML format
-n, --no-verify Do not verify TLS certificates
-d, --root string start scanning from a different root directory
--version version for microscanner
ERROR: accepts 1 arg(s), received 2
Removing intermediate container 063cf33b92df
---> 57d9e9fe7526
Successfully built 57d9e9fe7526
How can I obtain the scanning results
Microscanner doesn't let the build fail when medium issues are encountered.
We should set a minimum level ourselves.
I see this log output when running the scanner on our image (based on node:12.18.0-alpine):
WARNING: scanning not supported for some part of this image
I cannot find any documentation what this means? What “part of this image” was not scanned? Can I get some background details about this somewhere?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.