How To Rapidly Evaluate Docker Images
Learn how you quickly can discover and assess the suitability of Docker images for your specific needs, ensuring a streamlined and reliable evaluation process. 🐋
Are you looking for a way to quickly assess Docker Images for your projects? Using Docker scan and Docker Official Images we can do that pretty quickly and without many complex operations. 🥳
I often encounter threads with people asking if it's the right image they are choosing for their projects and I tell them all the same, use the scanner and verify the image. ✅
Alright - that sounds easy, how can I do that Christian? I'm glad you asked 😅 In this short Docker tutorial I will teach you briefly about Docker Official Images and Docker Scout.
What are Docker Official Images?
Docker official images are like these ready-made, super reliable building blocks for your apps, and they come straight from the folks at Docker. Instead of starting from scratch, you get these pre-set images that cover everything from operating systems to cool software tools.
It's like having a shortcut to get your apps up and running without the headache of setting everything up yourself. These images are a result of teamwork between Docker and the original software creators, so you know they're legit.
Wanna know the best part? You can find them all on Docker Hub, which is like this massive library of these tried-and-true images. So, instead of spending hours setting up your tech stack, you can dive right into building your awesome app with a solid foundation. Easy peasy!
Alright - how can we take advantage of Docker Hub and use it to help us find the right image for our project?
Searching for Docker Images at Docker Hub
When I am not making DevOps stuff I am writing API backends in .NET and C#. To expose a .NET Core API you can use a webserver like nginx
if not relying on the one built in. So let's imagine we would like to incorporate nginx into our .NET Core Web API project.
That would require us to search for an Nginx image. I always want the official images if they are available. Below is a command for searching official Nginx images and displaying the details in the terminal.
docker search --filter "is-official=true" --format "table {{.Name}}\t{{.Description}}\t{{.StarCount}}" nginx
The output? You got it right here:
NAME DESCRIPTION STARS
nginx Official build of Nginx. 19433
unit Official build of NGINX Unit: Universal Web … 20
As you can see we got a response from Docker Hub, only showing us the official docker images for nginx along with a name, description, and the amount of stars for the image.
Get Docker Image Tags Using curl and jq
Let's continue with the nginx
image as it got the most stars and it is the official image of Nginx. When building images I prefer to know the version of all images, services, etc... so let's use the API for Docker Hub one more time to get the available tags for the nginx
image.
The official URL for retrieving details about the nginx image from Docker Hub is: https://registry.hub.docker.com/v2/repositories/library/nginx/tags/
If we access that URL, we are presented with plain JSON, like below.
{
"count":560,
"next":"https://registry.hub.docker.com/v2/repositories/library/nginx/tags/?page=2&page_size=10",
"previous":null,
"results":[
{
"creator":2215,
"id":10128273,
"images":[
{
"architecture":"amd64",
"features":"",
"variant":null,
"digest":"sha256:5fe47c7e5c57bcf6d5c6f0b8bb7faf826dd734025dc08e35f4fcb587fabdfb4a",
"os":"linux",
"os_features":"",
"os_version":null,
"size":68303871,
"status":"active",
"last_pulled":"2024-01-05T13:11:31.103333Z",
...
Okay, let's use jq
and curl
to get that data into our terminal. To install jq
, run the following command in your terminal. (debian / ubuntu).
sudo apt install jq
Now run the following command in your terminal to get the tags from the API response at Docker Hub.
curl -s "https://registry.hub.docker.com/v2/repositories/library/nginx/tags/" | jq -r '.results[].name'
This will give us a response like the following:
root@devopsspace-ubuntu:/# curl -s "https://registry.hub.docker.com/v2/repositories/library/nginx/tags/" | jq -r '.results[].name'
stable-perl
stable-bullseye-perl
1.24.0-perl
1.24.0-bullseye-perl
1.24-perl
1.24-bullseye-perl
1-perl
1-bookworm-perl
perl
mainline-perl
Pull The Docker Image From Docker Hub Using Tag
Now you can select any version/tag of nginx you would like. I always select the latest available version of the image. So let's continue with 1.24.0-perl
and pull that image from Docker Hub.
docker pull nginx:1.24.0-perl
You should get a response like the following:
Did you notice the message "What's Next?" - Docker Scout... A tool to view a summary and vulnerabilities of the image.
What is Docker Scout And How To Use It?
If you have a running installation of Docker Desktop you will also have Docker Scout. It's a plugin bundled with Docker Desktop and it can help us engineers analyze the container images we find on the internet and plan to use. Wooha! 🥳
Let's run the proposed docker
command from the terminal window and see Docker Scount in action analyzing our nginx
Docker image.
docker scout quickview nginx:1.24.0-perl
This will quickly analyze our image and output the following response:
What do the different numbers and letters mean with the colorings you may ask? Well, that is the number of vulnerabilities in the image. Let me explain them one by one:
1C
= 1 critical vulnerability.0H
= 0 high vulnerabilities.1M
= 1 medium vulnerability.39L
= 39 low vulnerabilities.
Are you interested in the CVEs in the image?
No problem! Docker Scout can also provide these details for us. 😊 Run the following command to view the CVEs in the image. 🤯
docker scout cves nginx:1.24.0-perl
If you click the link for the CVE, you will be presented with a summary for the CVE and a score + more details at Dockers website. It's pretty awesome and provides just the details we need.
Summary
In this Docker tutorial, you have learned how to use curl
and jq
to query the Docker Hub API and request details about Docker Images along with tags.
Docker Hub provides us with some great details about the official images, vulnerabilities, CVEs, etc... The awesome part about Docker Scout is that you can integrate it into other solutions like your own private registry, pipelines, etc...
If you learned something from this tutorial, share it with your Docker friends, they might learn something and it's free ✌️ If you have any questions, please let me know in the comments below. Until next time, happy Dockerizing! 🥳🐋