How Veracode Scans Docker Containers for Open Source Vulnerabilities

1.0Veracodehttps://www.veracode.comRJ GazarekHow Veracode Scans Docker Containers for Open Source Vulnerabilities | Veracoderich600338<blockquote class="wp-embedded-content" data-secret="nRu4STMo3R"><a href="https://www.veracode.com/blog/how-veracode-scans-docker-containers-open-source-vulnerabilities/">How Veracode Scans Docker Containers for Open Source Vulnerabilities</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.veracode.com/blog/how-veracode-scans-docker-containers-open-source-vulnerabilities/embed/#?secret=nRu4STMo3R" width="600" height="338" title="“How Veracode Scans Docker Containers for Open Source Vulnerabilities” — Veracode" data-secret="nRu4STMo3R" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); /* ]]> */ </script> https://www.veracode.com/wp-content/uploads/2024/07/Veracode-Container-Scanning.png1600800Veracode Software Composition Analysis now also scans Docker containers and images to find vulnerabilities associated with open source libraries as dependencies of the base OS image and globally installed packages. If you’re interested in understanding how containers work, the different components that make up your container ecosystem, and how that differs from virtualization, we recommend this great overview by Docker.