wagoodman/dive

Can we do docker layer wise scan for vulnerability detection

suhalvemu opened this issue · 4 comments

What would you like to be added:
At each layer, if there are any vulnerabilities present at the time of scanning, we can show/display the CVE IDs for better vulnerability detection.

Why is this needed:
It gives the health of the image and helps us with better information in vulnerability scanning.
Additional context:

hm, don't think dive has a CVE scanner?
Anyway, what you ask for is implemented in trivy and docker scout.

Actually Trivy does not support layer-wise scanning. I am not sure about docker scout. But since we are able to show what is present in the layers of a docker image, can we integrate trivy and provide a feature for showing CVEs at each layer?

Scout has layer scanning. The problem is not the layers, the problem is the scanning. You would need the logic to detect packages and, even worse, you need a useful CVE database. I think that is not in the scope of dive, but I could be wrong :)

makes sense.
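To make the point in the thread concrete (walking layers is easy; package detection and a CVE database are the real work), here is an added example that is not part of dive or of any comment above. It builds a constructed stand-in for a `docker save` tarball (a `manifest.json` plus one `layer.tar` per layer), parses the dpkg status database in each layer, reports which package versions each layer introduced, and attributes matches from a constructed, clearly placeholder advisory list to the layer that introduced the affected version. The dpkg contents, layer names and advisory IDs are all invented for the example; a real tool would need a real package detector for every ecosystem and a maintained vulnerability database, which is exactly the part the thread says is out of scope.

```python
import io
import json
import tarfile

# Constructed dpkg status databases for two layers. Layer 1 upgrades openssl and adds curl.
DPKG_STATUS_0 = """Package: libc6
Status: install ok installed
Version: 2.31-13

Package: openssl
Status: install ok installed
Version: 1.1.1k-1
"""
DPKG_STATUS_1 = """Package: libc6
Status: install ok installed
Version: 2.31-13

Package: openssl
Status: install ok installed
Version: 1.1.1n-0

Package: curl
Status: install ok installed
Version: 7.74.0-1
"""

# Constructed placeholder advisories (not real CVE IDs); a real tool needs a maintained database.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "openssl", "version": "1.1.1k-1"},
    {"id": "EXAMPLE-ADV-2", "package": "curl", "version": "7.74.0-1"},
]


def _tar_bytes(files):
    """Build an uncompressed tar archive in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed stand-in for `docker save` output: manifest.json plus per-layer tars."""
    layers = {
        "layer0/layer.tar": _tar_bytes({"var/lib/dpkg/status": DPKG_STATUS_0.encode()}),
        "layer1/layer.tar": _tar_bytes({"var/lib/dpkg/status": DPKG_STATUS_1.encode(),
                                        "app/run.sh": b"#!/bin/sh\n"}),
    }
    manifest = [{"Config": "config.json", "RepoTags": ["example:latest"], "Layers": list(layers)}]
    files = dict(layers)
    files["manifest.json"] = json.dumps(manifest).encode()
    return _tar_bytes(files)


def parse_dpkg_status(text):
    """Return {package: version} from a dpkg status database (stanzas separated by blank lines)."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith(" "):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Package" in fields and "Version" in fields:
            pkgs[fields["Package"]] = fields["Version"]
    return pkgs


def packages_per_layer(image_tar):
    """Walk layers in manifest order; return [(layer, {pkg: version added or changed by it})]."""
    report = []
    previous = {}
    with tarfile.open(fileobj=io.BytesIO(image_tar)) as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for layer_path in manifest[0]["Layers"]:
            current = dict(previous)  # a layer without a dpkg database changes nothing
            with tarfile.open(fileobj=io.BytesIO(img.extractfile(layer_path).read())) as layer:
                try:
                    status = layer.extractfile("var/lib/dpkg/status")
                except KeyError:
                    status = None
                if status is not None:
                    current = parse_dpkg_status(status.read().decode())
            delta = {p: v for p, v in current.items() if previous.get(p) != v}
            report.append((layer_path, delta))
            previous = current
    return report


def match_advisories(report, advisories):
    """Attribute each advisory to the layer that introduced the exact affected version."""
    findings = []
    for layer_path, delta in report:
        for pkg, ver in delta.items():
            for adv in advisories:
                if adv["package"] == pkg and adv["version"] == ver:
                    findings.append({"layer": layer_path, "package": pkg,
                                     "version": ver, "id": adv["id"]})
    return findings


if __name__ == "__main__":
    layer_report = packages_per_layer(build_sample_image())
    for layer_path, delta in layer_report:
        print(layer_path, delta)
    for finding in match_advisories(layer_report, SAMPLE_ADVISORIES):
        print(finding)
```

Note what the per-layer view shows that a whole-image scan does not: `openssl 1.1.1k-1` is flagged in `layer0/layer.tar`, but `layer1/layer.tar` upgrades it, so the finding is attributable to a specific build step and is no longer present in the final filesystem. Exact-version matching is used here only to keep the example short; real advisories carry version ranges, and the constructed `var/lib/dpkg/status` covers only Debian-style packages.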