The feature currently supports application dependencies for Node, Ruby, PHP and Python (Python projects that declare their dependencies in requirements.txt).
Snyk can detect vulnerabilities in the application dependencies inside your container images, as well as in the image's operating system packages, in a single scan.
Once you integrate with a container registry and import your images as projects, Snyk scans each image and tests it for vulnerabilities.
Steps to enable application vulnerabilities scan from container images
- Navigate to your container registry integration settings
- Enable the Detect application vulnerabilities capability and save the changes.
Once the feature is enabled, you can see vulnerabilities in the dependencies declared by the manifest files detected in your container image, alongside those found in the operating system packages.
When an image is imported into Snyk, it appears under its registry record in the ‘Projects’ view.
There you can find the operating system vulnerabilities found in your image and, with this feature enabled, the nested manifest files detected in the image together with their vulnerabilities.
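As an added example (not Snyk's code and not part of the original page), the following Python script shows what "nested manifest files" means in practice: it walks an exported container filesystem tarball (for example the output of `docker export <container> > rootfs.tar`) and reports which manifest files belong to the ecosystems this feature covers and which do not, so you can tell before importing an image whether its application dependencies will actually be tested. The manifest filename to ecosystem mapping and the list of uncovered manifests are assumptions for illustration, not Snyk's exact detection rules; the sample filesystem is constructed inline.

```python
import io
import sys
import tarfile
from collections import defaultdict

# Assumed mapping of manifest filenames to the ecosystems the page lists as
# supported (Node, Ruby, PHP, Python via requirements.txt). Illustrative only.
SUPPORTED_MANIFESTS = {
    "package.json": "Node",
    "package-lock.json": "Node",
    "yarn.lock": "Node",
    "Gemfile.lock": "Ruby",
    "composer.lock": "PHP",
    "requirements.txt": "Python",
}

# Manifests often found in images that the feature, as described, does not
# cover. A Python service using Pipfile instead of requirements.txt is the
# typical surprise. Assumed list, not from the page.
UNCOVERED_MANIFESTS = {
    "Pipfile", "Pipfile.lock", "pyproject.toml", "poetry.lock",
    "go.mod", "pom.xml", "build.gradle", "Cargo.lock",
}


def find_manifests(tar_bytes):
    """Return (covered, uncovered) manifest paths found in a filesystem tarball.

    covered is a list of (path, ecosystem); uncovered is a list of paths.
    """
    covered, uncovered = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            basename = member.name.rsplit("/", 1)[-1]
            if basename in SUPPORTED_MANIFESTS:
                covered.append((member.name, SUPPORTED_MANIFESTS[basename]))
            elif basename in UNCOVERED_MANIFESTS:
                uncovered.append(member.name)
    return covered, uncovered


def summarize(tar_bytes):
    """Group covered manifests by ecosystem; return (by_ecosystem, uncovered)."""
    covered, uncovered = find_manifests(tar_bytes)
    by_ecosystem = defaultdict(list)
    for path, ecosystem in covered:
        by_ecosystem[ecosystem].append(path)
    return dict(by_ecosystem), uncovered


def build_sample_rootfs():
    """Constructed sample: an exported image filesystem with a Node app, one
    Python app using requirements.txt, another using Pipfile, and a Go tool."""
    files = {
        "app/package.json": b'{"name":"web","dependencies":{"express":"4.17.1"}}',
        "app/package-lock.json": b'{"lockfileVersion":2}',
        "srv/api/requirements.txt": b"flask==1.1.2\n",
        "srv/worker/Pipfile": b'[packages]\nrequests = "*"\n',
        "opt/tool/go.mod": b"module example.com/tool\n",
        "etc/os-release": b'ID=debian\nVERSION_ID="10"\n',
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Pass a path to a `docker export` tarball, or run with no arguments to
    # scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_rootfs()
    by_eco, not_covered = summarize(data)
    for ecosystem, paths in sorted(by_eco.items()):
        print(f"{ecosystem}: {', '.join(paths)}")
    for path in not_covered:
        print(f"NOT COVERED by this feature: {path}")
```

On the constructed sample the script lists the Node and Python (requirements.txt) manifests as covered and flags the Pipfile and go.mod, which is exactly the gap to watch for: an image can pass the operating system scan and still carry application dependencies that this feature never tests.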
Snyk re-tests the image on the schedule set in the project's settings and notifies you by email or Slack, depending on your configuration, whenever new vulnerabilities are found in either the operating system packages or the application dependencies. The image's operating system project and each application dependency project are separate projects, and you can choose the test frequency for each one under its settings. The default is daily testing.
This feature is supported for the following container registries:
- Amazon ECR
- Docker Hub