Verify security vulnerabilities
One of the fundamental aspects of Docker containers is reuse and the ability to base your containers on top of other containers. IBM Containers provides Vulnerability Advisor, a pre-integrated security scanning tool that alerts you to vulnerable images and can even be configured to prevent deployment of those images.
- Go to the Bluemix Dashboard and click on CATALOG.
- Hover over the purple icon for Mongo. This is the Mongo image that you pulled from the public DockerHub registry and pushed into your private registry. You will see a pop-up with the vulnerability assessment shown inline. This is a red/yellow/green scale. Your Mongo image should show a green status of Safe to Deploy.
- Click on the Mongo image and you are taken to the container deployment page. You won’t deploy your container from here, but you can see the vulnerability assessment in full detail. On the right side of the screen, you can see your image’s Vulnerability Assessment as well as your quota information. The icon should read Safe to Deploy based on your Mongo image upload.
- Click on View the vulnerability report for this image. This will bring you to the assessment details page with two tabs: Vulnerable Packages and Policy Violations.
- Click on Manage your org’s policies. Here you are presented with two boxes – Deployment Settings for Containers and Image Deployment Impact.
- Return to the Bluemix Catalog and review the vulnerability assessment for the Let’s Chat image. You can do this by clicking on the purple lets-chat icon and viewing the same vulnerability information on the right-hand side of the page.
You have reviewed your pushed images, which were sourced from a public repository, and can now safely deploy them on your hosted Bluemix account. This is a key step in making sure that you are running the code you expect to be running and that you are not exposing your organization to security issues for the sake of agility. You still want to stay secure, even when moving at light-speed!