Scan Vulnerabilities

🌟 Status: Live for Docker Images

Overview

The NodeOps Marketplace Dashboard provides an integrated vulnerability scanner that lets you verify the integrity of:

  • 🚧 Codebases / repositories
  • Public Docker Images
  • 🚧 Templates

Under the hood, open source security scanners such as Trivy search for vulnerabilities and misconfigurations.

Prerequisites

Scan for vulnerabilities with the NodeOps scanner tool

This guide explains how to scan for vulnerabilities with the NodeOps Marketplace scanner tool. Use the video or the steps below to follow the flow.

Step 1: Access the tool

While logged in to your account, go to Scan Vulnerability in the left-hand menu and click Upload for scanning.


Step 2: Scan your resource

  1. Enter the resource name and click Request Scan.
  2. You may view the scan's progress by clicking the resource name.

Step 3: Review the analysis

  1. Once the scan is complete, click on the resource name to view a summary. Reload the page if necessary.
  2. Click on the summary block to deep dive into the scan details.

Congratulations! You can now deep-dive into the vulnerabilities identified by the scanner.
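
For triaging results outside the dashboard, the following added example (not NodeOps or Trivy code) tallies findings by severity and lists those that already have a fix available. It assumes a report in Trivy's native JSON layout, as produced by `trivy image --format json`; the page does not state the format of the downloaded NodeOps report, and the sample data and function names are constructed for illustration.

```python
import json
from collections import Counter

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the layout of Trivy's JSON report; IDs are placeholders.
SAMPLE_REPORT = """
{"ArtifactName": "example/app:1.0",
 "Results": [
  {"Target": "example/app:1.0 (debian 12.5)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
     "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
     "InstalledVersion": "2.3.0", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libthird",
     "InstalledVersion": "0.9", "FixedVersion": "0.9.4", "Severity": "LOW"}]},
  {"Target": "app/package-lock.json"}
 ]}
"""

def findings(report):
    """Yield (target, vulnerability) pairs; clean targets carry no list."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln

def rank(vuln):
    """Position of the finding's severity; unrecognised values rank lowest."""
    sev = vuln.get("Severity", "UNKNOWN")
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0

def severity_counts(report):
    """Totals per severity, comparable to a scan summary."""
    return Counter(SEVERITY_ORDER[rank(v)] for _, v in findings(report))

def fixable(report, minimum="HIGH"):
    """Findings at or above `minimum` that have a fixed version, worst first."""
    floor = SEVERITY_ORDER.index(minimum)
    hits = [(t, v) for t, v in findings(report)
            if rank(v) >= floor and v.get("FixedVersion")]
    hits.sort(key=lambda tv: -rank(tv[1]))
    return [(SEVERITY_ORDER[rank(v)], v["VulnerabilityID"], v["PkgName"],
             v["FixedVersion"], t) for t, v in hits]

def passes_gate(report, fail_on=("CRITICAL",)):
    """False when any finding has a severity listed in `fail_on`."""
    counts = severity_counts(report)
    return not any(counts[s] for s in fail_on)
```

Findings without a `FixedVersion` are left out of `fixable` but still counted in `severity_counts`, so they remain visible for mitigation by other means.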


What next?

  • Consider downloading the report for your scan using the Download Report button
  • If you want to test an OWASP-issued Docker image of an app with known vulnerabilities, consider scanning bkimminich/juice-shop
  • Set up your Cloud Infrastructure using NodeOps Network's Marketplace