Scan with Veracode Container Security

Veracode Container Security scans return vulnerability data and policy evaluations based on several categories of findings.

Before you begin:

  • Ensure you have installed the Veracode CLI.
  • If you want to run container security scanning in a Docker container, ensure you have installed a package containing compatibility libraries for glibc, such as libc6-compat.

To complete this task:

  1. At the command prompt, run this command: ./veracode configure.

  2. When prompted, enter the API ID and secret key you generated in the Veracode Platform.

  3. Fetch the custom policy to be applied to the scan. For example, to fetch the policy named policy-container-scan, run the following command:

    ./veracode policy get demo-policy-container-scan

    The preceding command downloads the policy as a Rego (.rego) file into the current directory. To confirm that the file is present, run ls -ltr.

  4. Run the scan command with the appropriate policy, target type, target, and flags. For example:

    ./veracode scan --source alpine:latest --type image --policy policy-container-scan.rego

    To write the output to a file, add the -o flag. You can share this file or save it as an artifact in a pipeline. For example:

    ./veracode scan --source alpine:latest --type image -o alpine-latest.json

  5. Review the results.
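The steps above, wrapped as a small pipeline script. This is an added example and not Veracode's own code: it assumes the CLI binary is at ./veracode (or wherever VERACODE_BIN points), that "veracode policy get NAME" writes NAME.rego into the current directory as the page describes, and that the image and policy names are passed in by the caller. The function names (ensure_policy, scan_image) and the RUN_SCAN variable are this script's own. Beyond the page, it fails the job early if the policy file or the JSON artifact was not produced, so a pipeline never passes silently on a scan that did not run.

```shell
#!/bin/sh
# Added example: run a Veracode Container Security scan from a CI job.
# Assumes: VERACODE_BIN (default ./veracode) is the Veracode CLI, already
# configured with "veracode configure", and "policy get NAME" writes NAME.rego.
set -e

VERACODE_BIN="${VERACODE_BIN:-./veracode}"

# Fetch the named custom policy unless its Rego file is already present.
# Prints the policy file name; fails if nothing was downloaded.
ensure_policy() {
  name="$1"
  file="$name.rego"
  if [ ! -s "$file" ]; then
    "$VERACODE_BIN" policy get "$name" >/dev/null
  fi
  [ -s "$file" ] || { echo "policy file $file was not downloaded" >&2; return 1; }
  printf '%s\n' "$file"
}

# Scan one image against a policy and write the JSON result to an artifact file.
# Prints the artifact name; fails if the scan produced no output file.
scan_image() {
  image="$1"
  policy_file="$2"
  out="$3"
  "$VERACODE_BIN" scan --source "$image" --type image --policy "$policy_file" -o "$out"
  [ -s "$out" ] || { echo "scan did not produce $out" >&2; return 1; }
  printf '%s\n' "$out"
}

# Entry point: main IMAGE POLICY_NAME. The artifact name is derived from the
# image reference, e.g. alpine:latest -> alpine-latest.json.
main() {
  image="${1:-alpine:latest}"
  policy_name="${2:-policy-container-scan}"
  policy_file=$(ensure_policy "$policy_name")
  out=$(printf '%s' "$image" | tr ':/' '--').json
  scan_image "$image" "$policy_file" "$out"
}

# Only run main when explicitly requested, so the file can also be sourced.
if [ "${RUN_SCAN:-0}" = 1 ]; then
  main ${1+"$@"}
fi
```

Invoke it from a pipeline step as RUN_SCAN=1 sh scan.sh alpine:latest policy-container-scan and collect the printed JSON file name as the job artifact; the non-zero exit on a missing policy file or missing output is what makes the step fail visibly.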