Docker

Security Commands

Secure your containers and images. Learn vulnerability scanning with Docker Scout, security best practices, and how to build and run containers with defense in depth.

5 commands

Pro Tips

Run 'docker scout cves image:tag' to scan images for known vulnerabilities before deployment.

Use 'docker run --read-only' for containers that don't need to write to the filesystem.

Drop unnecessary Linux capabilities with '--cap-drop ALL --cap-add' only what's needed.

Common Mistakes

Never run containers with '--privileged' unless absolutely necessary - it gives full host access.

Regularly update base images to get security patches. Set up automated scanning in CI/CD.

Commands

Scan image for vulnerabilities

$ docker scout cves <image>

Display CVEs in image.

Quick vulnerability scan

$ docker scout quickview <image>

Quick vulnerability overview.

Compare image security

$ docker scout compare <image1> <image2>

Compare vulnerabilities between images.

Get recommendations

$ docker scout recommendations <image>

Get security recommendations.

View software bill of materials

$ docker scout sbom <image>

Display detailed software bill of materials (SBOM) for image.