After you have run snyk test at least once, run snyk monitor from the CLI. Alternatively, integrate with a container registry from the UI, select the projects to import, and then monitor them from the Snyk UI.
We then scan your project, testing for vulnerabilities, and import a snapshot of your projects.
On the Projects page, a project imported from a registry integration is marked with the relevant registry icon; a project imported from the CLI is marked with a CLI icon.
You can filter for all container projects, similar to the following example:
When you open any container project, the resulting analysis and remediation advice are displayed from the Snyk UI similar to the following:
The following information is displayed:
Project summary, displays general project details, including these unique details:
Total dependencies with known vulnerabilities, and the total number of vulnerabilities
Remediation advice—if you included your Dockerfile for monitoring, then any available actionable remediation advice is displayed. To view all advice, click the Show more upgrade types link. The advice offered is dependent on available remediation, and appears similar to the following image:
Upgrade suggestions can include:
Minor upgrades—the safest and best minor upgrade available
Major upgrades—an option for a major upgrade that reduces more vulnerabilities but carries greater risk
Alternative upgrades—viable alternative image options for replacing your current base image with other, different base images that provide the fewest vulnerabilities possible.
If your base image is outdated, Snyk also recommends rebuilding your image.
Upgrade recommendations include these details:
the name of the recommended base image version
the number of vulnerabilities in the recommended upgrade
a summary of the vulnerability severities.
Filters—in addition to the other filters available for all supported project types, when you view a container project, you can also filter by a specific binary or by OS packages (for binaries/packages containing issues).
If there is only one category of issue in your container, such as Node binary vulnerabilities only or OS packages only, this filter does not appear.
Issues tab—List of vulnerabilities, including origins, paths, and an overview of the vulnerability
Dependencies tab—a tree view of package hierarchy inside the image