This document describes how to search vulnerabilities in Docker containers using SBOM files and Vulners audit API.
A software bill of materials (SBOM) is a formal, machine-readable inventory of all constituent components, software dependencies and their hierarchical relationships involved in the development and delivery of an application. Vulners API is a Python 3 library for the Vulners database. It provides search and vulnerability scanning APIs for integration purposes.
By combining these tools, we can have a simple solution for monitoring the security of an infrastructure built on Docker.
- Python 3
- Syft
- Vulners-sbom script
To generate SBOM we will use Syft. Install Syft with the following command.
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/binFor a detailed installation guide, see here Syft. Installation
Use Syft to generate a SBOM for a container image and write it to a file. You can use one of the following SBOM formats: Syft json, SPDX json, CycloneDX json or xml.
syft <image> -o json=/path/to/sbom/file.json
syft <image> -o cyclonedx-xml=/path/to/sbom/file.xml
syft <image> -o cyclonedx-json=/path/to/sbom/file.json
syft <image> -o spdx-json=/path/to/sbom/file.jsonNow we should get an API key for agent registration. Log in to Vulners, go to the userinfo space and click on the API KEYS tab. In the "Scope" field, select "api", click SAVE and then copy the generated key. The result should look something like this: RGB9YPJG7CFAXP35PMDVYFFJPGZ9ZIRO1VGO9K9269B0K86K6XQQQR32O6007NUK
Download Vulners-sbom script form Github and install the requirements.
git clone https://github.com/vulnersCom/vulners-sbom-parser.git
cd vulners-sbom-parser
pip install -r requirements.txtRun script with your API key and SBOM file
python3 vulners-sbom-parser.py -i /path/to/sbom/file.json -k <YOUR_API_KEY_HERE>
Operation System: Ubuntu 22.04
Found 5 vulnerabilities
------------------------------------------------------------
Package CVEs
------------------------------------------------------------
libpcre2-8-0 10.39-3build1 arm64 CVE-2022-1586, CVE-2022-1587
libssl3 3.0.2-0ubuntu1.6 arm64 CVE-2022-3358, CVE-2022-3602, CVE-2022-3786
login 1:4.8.1-2ubuntu2 arm64 CVE-2013-4235
passwd 1:4.8.1-2ubuntu2 arm64 CVE-2013-4235
perl-base 5.34.0-3ubuntu1 arm64 CVE-2020-16156
zlib1g 1:1.2.11.dfsg-2ubuntu9 arm64 CVE-2022-37434The script collects from SBOM a list of packages installed in a container and calls Vulners audit API method. As an output you will get a list of vulnerable packages and vulnerabilities IDs. The results of scans are also stored in the Vulners dashboard. Here you can get more detailed information about discovered vulnerabilities.
