Have you ever deployed Docker containers and hoped they delivered safe software? Would you like to get peace of mind that the contents of your containers are secure and clear of vulnerabilities?
With JFrog Xray’s new integration with Docker Desktop Extensions, you will be able to do just that. By scanning for vulnerabilities locally before pushing to your remote repositories, your deployed software will inherently be more secure. By shifting your DevSecOps left and tackling vulnerabilities earlier in software development, you greatly reduce the chance of a security flaw being found in production or, worse, exploited.
But first, what is JFrog Xray?
JFrog Xray is the universal software composition analysis (SCA) solution that enables developers to proactively identify open source software vulnerabilities before they manifest in production, and swiftly remediate flaws across the entire application inventory.
The elegance of the integration between JFrog Xray and Docker Desktop is that it only takes a minute to set up. Within Docker Desktop Extensions, you can easily connect your JFrog Platform to your Docker Desktop application.
But that isn’t all: the integration between JFrog and Docker Desktop is offered for free through JFrog’s free tier subscription. You will be able to create your own free JFrog Platform environment within Docker Desktop. The JFrog Xray integration with the Docker Desktop Extension lets you set up a free-tier instance and connect it automatically. After installing the JFrog extension, all you need to do is click a button inside Docker Desktop, and you’ll be set to go.
Once you’ve connected your JFrog Platform to Docker Desktop, you can pick which local Docker image to scan.
If there are any vulnerabilities found in your local images, the JFrog Xray extension will display a list of security exposures.
Simple and easy – the way security should be. Imagine all the time you’ll save knowing that the binaries inside your containers are secure.
Wait, there’s more – if you prefer to work from the command line, you can use JFrog CLI to scan any local Docker image, just like the extension does. Here’s how you do it:
- Install JFrog CLI
- Already have a JFrog environment? Configure it by running the `jf c add` command
- Don’t have a JFrog environment yet? Set one up for free by running the `jf setup` command
- Scan any local Docker image by running `jf docker scan <image name>:<image tag>`
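
One way to put the CLI scan above in front of a push, as an added example that is not JFrog's own script. `has_explicit_tag` and `scan_then_push` are hypothetical helper names, and the gate assumes `jf docker scan` exits non-zero when the scan fails or reports a blocking result, so confirm that against your JFrog CLI version and policy setup.

```shell
#!/bin/sh
# Added example: scan a local image with JFrog CLI and push it only if the scan passes.

# Succeeds only for an explicit <image name>:<image tag> reference.
# The tag must follow the last "/", so a registry port ("host:5000/app") does not count.
has_explicit_tag() {
  case "$1" in
    *@*) return 1 ;;            # digest references are out of scope for this sketch
  esac
  case "${1##*/}" in
    *:?*) return 0 ;;           # non-empty tag after the final path component
    *)    return 1 ;;
  esac
}

# Return codes are this script's own convention:
#   0 pushed, 1 scan did not pass, 2 bad image reference, 3 required tool missing
scan_then_push() {
  if ! has_explicit_tag "$1"; then
    echo "refusing '$1': give an explicit <image name>:<image tag>" >&2
    return 2
  fi
  if ! command -v jf >/dev/null 2>&1 || ! command -v docker >/dev/null 2>&1; then
    echo "jf and docker must both be on PATH" >&2
    return 3
  fi
  # Assumption: a non-zero exit means the scan errored or reported a blocking result.
  if ! jf docker scan "$1"; then
    echo "scan of '$1' did not pass; not pushing" >&2
    return 1
  fi
  docker push "$1"
}

# When run as a script with an argument, gate that image.
[ "$#" -eq 0 ] || scan_then_push "$1"
```

Requiring an explicit tag keeps the scanned image and the pushed image the same reference, instead of letting either command fall back to a default tag.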
This extension will be available at DockerCon 2022 on May 10th. We look forward to seeing you there!