Scan vulnerabilities
🌟 Status: Available on Mainnet.
TL;DR
Log in to the Marketplace to access vulnerability and SBOM reports from an intuitive dashboard.
Overview​
The NopeOps Marketplace Dashboard provides an integrated vulnerability scanner to allow you to verify the integrity of:
- 🚧 Codebases / repositories
- Public Docker images (including Marketplace templates)
Prerequisites​
- Marketplace account
- For recurring scans, a registered email
- Publicly available resource to assess
Scan for vulnerabilities with Security Hub​
This guide supports you to understand how to scan for vulnerabilities with the NodeOps Marketplace Security Hub. Use the video or steps to understand the flow.
Step 1: Access the tool​
Logged in from your account, navigate the left hand menu to Security Hub.
Show me
Step 2: Scan your resource​
- Click Upload for Scanning.
Show me
- Enter a publicly-available Docker image name and choose scan type:
- Vulnerability
- SBOM
Show me
- (Optional) Click Enable Recurring Scan. This requires that you have an email linked to your Marketplace account to receive alerts on.
Step 3: Review the analysis​
tip
You may view the scan's progress by clicking the resource name.
Show me
- Once the scan is complete, click the resource name to view a summary.
Reload the page if necessary.
Show me
- Click the summary block to deep dive into the scan details.
Show me
Congratulations: you can now deep-dive into the vulnerabilites identified by the scanner.
What next?​
- Follow the User Guide to manage your scans
- To test an OWASP-issued Docker image of an app with known vulnerabilities, consider scanning
bkimminich/juice-shop - Set up your Cloud infrastructure using NodeOps Network's Marketplace
- Learn more about the Security Hub