A free image vulnerability scanner, implement Harbor's pluggable scanner adapter.
- Accurate vulnerability scan result, support CVE and CNNVD vulnerability ID, Chinese vulnerability description
- CVE database auto update(config it in docker compose's yaml file)
- Avaliable immediately after deploy, without waiting for updating database, the offline package already include newest CVE database
-
Download Harbor-Scanner offline install package
wget https://github.com/dosec-cn/harbor-scanner/releases/download/v1.3/dosec-scanner.tgz # decompress tar zxf dosec-scanner.tgz # change work directory cd dosec-scanner
-
Run Install Shell
Requirement:docker-compose need to be installed
./Install.sh
-
Config Harbor
Login Harbor UI -> Interrogation Services -> Scanners -> NEW SCANNER
fill in the configuration -> click ADD to finish
① scanner name
② scanner service's IP and port
③ test scanner connection
④ the scanner can only be added after ping test success
modify docker-compose.yaml
if need
version: '2.2'
services:
dosec-db-hb:
image: hub.dosec.cn/library/dosec-db-hb:2022-07-07T16.56.50V2.0-20220706
restart: always
dosec-scannerapp:
depends_on:
- dosec-db-hb
image: hub.dosec.cn/library/dosec-scannerapp:2022-07-19T13.14.25V1.0.1_prod
# map port to host's 8899
ports:
- "8899:8899"
restart: always
# map log directory to host's /var/log/dosec-scanner
volumes:
- /var/log/dosec-scanner:/dosec/log
dosec-scanner-hb:
depends_on:
- dosec-db-hb
- dosec-scannerapp
image: hub.dosec.cn/library/dosec-scanner-hb:2022-07-19T13.04.06V1.3_release
# command: ["-update_cve"]
# uncomment this command if you need auto updating cve database
restart: always
# map log directory to host's /var/log/dosec-scanner
volumes:
- /var/log/dosec-scanner:/dosec/log
cd Harbor-Scanner's project directory, execute command below
docker-compose down
- Debian >= 7, unstable
- Ubuntu LTS releases >= 12.04
- Red Hat Enterprise Linux >= 5
- CentOS >= 5
- Alpine >= 3.3
- Oracle Linux >= 5
Function | Harbor-Scanner | Dosec Container Security Platform |
---|---|---|
Edition | Free | Enterprise Edition |
Integration with Harbor | ✔️ | ✔️ |
OS package vulnerability | ✔️ | ✔️ |
Open source component vulnerability | ✔️ | |
Malware Detection | ✔️ | |
Sensitive Files Detection | ✔️ | |
Image Configuration Analysis | ✔️ | |
Docker File Analysis | ✔️ | |
Runtime Protection | ✔️ | |
Benchmark Check | ✔️ |
Wechat Group:Scan QR Code below to add community member and get invitation to join community group, please comment Name-Company/Organization/Others information when you add.