nix-community / vulnix

Vulnerability (CVE) scanner for Nix/NixOS.


docker support?

bbigras opened this issue · comments

Could Vulnix support scanning docker images created with Nix?

It depends on whether you have the system derivation available (or reproducible). If so, it can be scanned like any other drv.

Example: Create Docker image with dockerTools (stripped default.nix):

{ pkgs ? import <nixpkgs> {} }:
with pkgs;
dockerTools.buildImage {
  name = "redis";
  tag = "latest";
  contents = redis;
  config = { Cmd = [ "${redis}/bin/redis-server" ]; };
}

Create drv: nix-instantiate

Scan result: vulnix /nix/store/6y2q84mray7jb93flix4fpraa741q1fk-docker-image-redis.tar.gz.drv

HTH
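The two-step procedure in the reply above (nix-instantiate the image expression, then point vulnix at the resulting .drv) as a script suitable for a CI job. This is an added example, not code from the vulnix project or from either participant in the issue. It assumes ./default.nix is the dockerTools expression shown above and that vulnix exits 0 when nothing is found, 1 on a program error and 2 when vulnerabilities are reported (that is how the project documents its exit status; treat it as an assumption and check your installed version).

```bash
#!/usr/bin/env bash
# Added example (not vulnix project code): scan a Nix-built Docker image for
# known CVEs without building it, since vulnix only needs the derivation graph.
# Assumptions: ./default.nix is the dockerTools.buildImage expression from the
# issue; vulnix exit status is 0 = clean, 1 = program error, 2 = vulnerable.
set -eu

# Normalise one line of nix-instantiate stdout into a bare .drv store path.
# Some nix versions append "!<output>" to the path; strip that suffix and
# refuse anything that is not a /nix/store/*.drv path (e.g. an error message
# that leaked into stdout).
drv_path_from_output() {
  local line="${1%%!*}"
  case "$line" in
    /nix/store/*.drv) printf '%s\n' "$line" ;;
    *) return 1 ;;
  esac
}

# Map vulnix's exit status to a word a pipeline step can branch on.
vulnix_status_word() {
  case "$1" in
    0) echo clean ;;
    2) echo vulnerable ;;
    *) echo error ;;
  esac
}

# Instantiate the image expression and scan its closure.  The image tarball is
# never built; vulnix walks the derivation's inputs (redis and its runtime
# dependencies) and matches them against the NVD feed.  Prints the status word.
scan_image_drv() {
  local expr="${1:-./default.nix}" raw drv rc
  raw="$(nix-instantiate "$expr" | head -n1)"
  drv="$(drv_path_from_output "$raw")" || { echo error; return 1; }
  rc=0
  vulnix "$drv" >&2 || rc=$?    # report goes to stderr, status word to stdout
  vulnix_status_word "$rc"
}

# Usage: ./scan-image.sh scan [path/to/default.nix]
if [ "${1:-}" = "scan" ]; then
  status="$(scan_image_drv "${2:-./default.nix}")"
  echo "vulnix result: $status"
  [ "$status" = clean ]   # a non-zero exit fails the job on findings or errors
fi
```

The scan runs against the .drv rather than the built .tar.gz, so it works on a CI runner that has the nixpkgs pin but has never built or pushed the image; what it cannot see is anything added to the image outside Nix, such as layers pulled with fromImage, because those are not part of the derivation closure.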