Docker Scout - DrAlzahraniProjects/csusb_fall2024_cse6550_team4 GitHub Wiki
Docker Scout Documentation
Last edited by csusb_fall2024_cse6550_team4
Table of Contents
1. Installation
Prerequisites
Ensure that Docker and Docker Desktop are installed and functioning properly on your system.
-
Verify Docker installation:
docker --version -
Install or update Docker Scout (if not already included in your Docker CLI):
docker scout
Figure shows the docker version used in the project setup.
Install or Update Docker Scout
Docker Scout is bundled with the latest versions of Docker Desktop. To ensure you have the latest version:
- Update Docker Desktop:
- Download the latest version of Docker Desktop from Docker's official website.
- Verify Docker Scout installation:
docker scout
Figure shows the docker scout version used in the project setup.
2. Configuration
Step 1: Authenticate with Docker Hub
To analyze container images, authenticate Docker Scout with your Docker Hub account:
docker login
Step 2: Define the Project Docker Image
The project Dockerfile should look similar to this:
# Base image
FROM python:3.11-slim
# Set working directory
WORKDIR /app
# Install dependencies
COPY requirements.txt .
RUN pip install -r requirements.txt
# Copy application files
COPY . .
# Run the application
CMD ["python", "app.py"]
Figure shows a snippet of the docker file used in the project
Step 3: Build the Project Docker Image
Build the Docker image for the project:
docker build -t team4_chatbot .
Figure shows docker being built successfully.
3. Implementation
Step 1: Analyze the Image
Run Docker Scout to analyze the built image:
docker scout cves team4_chatbot
Example Output:
Image: team4_chatbot:latest
Vulnerabilities found:
- CVE-2023-1234: Medium severity in 'libssl1.1'
- CVE-2023-5678: High severity in 'libcurl4'
Recommendations:
- Upgrade 'libssl1.1' to version X.Y.Z
- Upgrade 'libcurl4' to version A.B.C
Figure shows running the scout command to analyze the image.
Figure shows the output after analyzing the image, the overview of the run.
Following figures are also part of the output but it showcases each vulnerability in detail.
Figure shows the last section of output where it lists out all vulnerabilities and the degree of vulnerability
Step 2: Optimize the Image
Use Docker Scout’s optimization suggestions to improve the image:
docker scout recommendations team4_chatbot
Output may suggest:
Using a slimmer base image (python:3.11-slim vs python:3.11). Removing unused dependencies in requirements.txt.
Figure shows the output for the scout recommendations command on the project image.
Step 3: Generate a Report
Export the Docker Scout analysis as a report:
docker scout quickview team4_chatbot:latest format plain > scout_quickview.txt
Figure shows a new file is created for the report in the project directory.
Figure shows the report built using the docker scout command.
4. Usage
Step 1: Security Checks for Milvus
Run Docker Scout on Milvus container to check for vulnerabilities:
docker scout cves milvusdb/milvus:latest
Figure shows milvus-server container is up and running.
Figure shows running of the scout command on the milvus-server container
Figure shows the overview of the vulnerabilities on the milvus-server container after analyzing it.
The following figures shows each vulnerability in more detail.
Figure shows the end output after analyzing the image, number of vulnerabilities and the degree of vulnerability.
Step 2: Iterative Development
Each time a change is made to the project, rebuild the image and rerun Docker Scout to ensure there are no regressions in security or efficiency:
docker build -t team4_chatbot .
docker scout cves team4_chatbot
5. Troubleshooting
Common Issues and Fixes
Issue 1: Docker Scout Command Not Found Ensure Docker CLI is up-to-date:
docker --version
If outdated, update Docker Desktop or Docker Engine to the latest version.
Issue 2: Authentication Issues If Docker Scout cannot access Docker Hub images, ensure you are logged in:
docker login
Issue 3: Incomplete Recommendations Sometimes, Docker Scout may not analyze certain base images. In this case, manually check the base image's documentation for updates:
docker scout recommendations python:3.11-slim