★Start Free★
Guides

Dockerfile Security Scanning

Suggest Edits

Key things to know about Jit Dockerfile Security Scanning

  • Brief description: Scan your codebase for a wide variety of security issues within your dockerfiles, like overly permissive containers, insecure base images, exposed ports, and many more.
  • Scanning process: Scanning takes place periodically across your entire codebase (or selected repositories), and during every code change introduced by your developers.
  • How to get started: Jit IaC Security Scanning can be enabled by navigating to Security Plans (left menu) → Jit Max Security PlanScan your Dockerfiles for vulnerabilities. Hit Activate, which will kick off the scanning processes described above.
  • Based on Trivy: Jit unifies and enhances the leading open source scanners for all product security scanning technologies. For Dockerfile scanning, Jit leverages Trivy — automatically deploying and running the scanner so you don't have to manage it yourself.

User Experience

UX for Security Teams

Security Teams can view Dockerfile security issues across the entire codebase — unified alongside all other product security issues.

Detecting and investigating Dockerfile security issues

  • Go to the Jit Backlog and create a Vulnerability Type filter and select Container Vulnerabilities.
  • Open a security issue to bring up helpful information like its location and Knowledge Graph, which describes the runtime context of the issue.

Prioritizing the riskiest Dockerfile security issues

  • In many environments, there can be thousands of Dockerfile security issues. Rather than manually trying to determine which vulnerabilities introduce the most risk, Jit assigns each issue a Priority Score based on the issue's runtime context — making it easy to focus on the top risks.
  • Learn more about Jit's contextual prioritization on the Context Engine page.

Triaging and remediating Dockerfile security issues

  • Create a ticket through Jira, Slack, Linear and other notification endpoints (see ticketing and triage information here). Or, you can open a fix PR to patch the security issue with an updated OSS version.
  • Create a fix PR from within Jit to auto remediate the issue immediately with one-click code suggestions.

UX for developers

Developers never need to leave their coding environment to identify and resolve Dockerfile security issues.

  • When Dockerfile Security Scanning is enabled for a given GitHub repository or GitLab project, it will automatically scan every code change and provide immediate code security feedback within the developer environment.
  • Jit returns all of the information needed to resolve the issue within the PR or MR, including auto remediation to resolve the security issue with a click.

Updated 5 months ago