Scanning Your First Container Image

1 min read Security Testing & Tools

Scanning Your First Container Image

With Snyk configured, you can begin scanning container images immediately. Snyk's scanner analyzes multiple aspects of your images:

# Scan a public image
snyk container test alpine:latest

# Scan a local image
docker build -t myapp:latest .
snyk container test myapp:latest

# Scan with detailed output
snyk container test nginx:latest --print-deps

# JSON output for automation
snyk container test ubuntu:22.04 --json > results.json

# Scan and filter by severity
snyk container test node:16-alpine --severity-threshold=high

Understanding Snyk's output helps you interpret results effectively:

# Example output structure
Testing alpine:latest...

✗ Low severity vulnerability found in musl
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-ALPINE318-MUSL-5928251
  Introduced through: [email protected]
  From: [email protected]
  Fixed in: 1.2.4-r2

Organization:      my-org
Package manager:   apk
Project name:      docker-image|alpine
Docker image:      alpine:latest
Platform:          linux/amd64
Base image:        alpine:3.18.3

Tested 14 dependencies for known vulnerabilities, found 2 vulnerabilities.