Snyk Container enables developers to test, fix and monitor open source vulnerabilities in their images.
Scanning and analyzing your Linux-based container project for known vulnerabilities is an important step in securing your environment: it helps you identify and mitigate security vulnerabilities.
To help secure your container, Snyk scans the base image for its dependencies:
The operating system (OS) packages installed and managed by the package manager
Key binaries—layers that were not installed through the package manager
Based on the scan results, Snyk offers remediation advice and guidance for public DockerHub images by indicating the:
Origins of the vulnerabilities in your OS packages and key binaries
Base image upgrade details or a recommendation to rebuild the image
Dockerfile layer in which the affected package was introduced
Fixed-in version of the operating system and key binary packages
Docker scanning (testing) and monitoring are available via the Snyk CLI and also from the Snyk UI. Developers can run 100 tests per month on our free tier plan, and unlimited tests with our other plans.
In addition, Snyk integrates with several container registries, available for all of our pricing plans including our free tier offer. See Plans to learn more.
See also our introduction to container security best practice.