Implementing Continuous Image Scanning

Implementing Continuous Image Scanning

Set up continuous scanning for your Docker images:

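# docker-compose.yml for continuous scanning
#
# Runs two long-lived containers that re-scan every tagged image known to the
# local Docker daemon once an hour: Trivy writes JSON reports to ./reports,
# and Snyk uploads a snapshot of each image for monitoring.
#
# Security notes for operators:
#   * Both services mount /var/run/docker.sock. Anything that can talk to that
#     socket can control the Docker daemon, which is root-equivalent on the
#     host. A read-only (:ro) mount does not restrict the API. Run this only
#     on hosts where that trust is acceptable, or put a filtering socket proxy
#     in between that exposes only the read endpoints the scanners need.
#   * The scanner images are referenced by floating tags. Pin them to a
#     reviewed version tag or digest so a changed upstream image is not pulled
#     into a container that holds the Docker socket.
#   * Reports list the known vulnerabilities of your images; restrict access
#     to ./reports accordingly.

# Compose v2 ignores `version`; kept for older docker-compose releases.
version: '3.8'

services:
  scanner:
    image: aquasec/trivy:latest
    # The image's default entrypoint is the trivy binary, so a `sh -c ...`
    # command would be handed to trivy as arguments. Replace the entrypoint
    # with a shell and pass the loop as its script.
    entrypoint: ['/bin/sh', '-c']
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./reports:/reports
    environment:
      # Lives inside the container; the vulnerability database is downloaded
      # again whenever the container is recreated.
      - TRIVY_CACHE_DIR=/tmp/trivy-cache
    # Every `$` meant for the shell is written `$$` so Compose does not try to
    # interpolate it (this includes the `$$(...)` command substitution).
    # NOTE(review): the loop calls the `docker` CLI to list images; confirm it
    # exists in this image, otherwise use a derived image that adds it.
    command:
      - |
        while true; do
          for image in $$(docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>'); do
            # Image references contain '/' and ':'; flatten them so the report
            # lands directly in /reports instead of a missing subdirectory.
            report="/reports/$$(printf '%s' "$$image" | tr '/:' '__').json"
            echo "Scanning $$image"
            trivy image --format json --output "$$report" "$$image" \
              || echo "trivy failed for $$image" >&2
          done
          sleep 3600
        done

  snyk-monitor:
    image: snyk/snyk:docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # Taken from the invoking shell or an untracked .env file; never commit
      # the token. Compose substitutes an empty string if it is unset.
      - SNYK_TOKEN=${SNYK_TOKEN}
    # List form keeps the image's own entrypoint and avoids nested-quote
    # escaping. `$$` is the Compose escape for a literal `$`.
    command:
      - sh
      - '-c'
      - |
        while true; do
          for image in $$(docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>'); do
            # Best effort: keep going on failure, but leave a trace in the
            # container log instead of discarding the error.
            snyk container monitor "$$image" \
              || echo "snyk container monitor failed for $$image" >&2
          done
          sleep 3600
        done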