From the course: Application Security in DevSecOps

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Continuous container security demo

Continuous container security demo

From the course: Application Security in DevSecOps

Start my 1-month free trial

Continuous container security demo

- [Instructor] We are going to use an open source tool called Anchore to look for vulnerable libraries and containers. We installed the tool at the beginning, but before we use it, we need to make sure the vulnerability data has synced, or the tool may not return any results. Run the following command from our demo directory. We're going to call the Anchore CLI, pass it the URL for our locally running Anchore instance. It runs on port 8228. Pass it the username of Admin, with a password of foobar. And then we're going to type in system feeds list. Your screen should look similar to mine, where it lists all their vulnerability databases, and how many vulnerabilities they have in each. If you have any zeroes on the right, you may need to wait a little bit longer for your sync to happen. Give it another 30 minutes and then try again. We're going to move forward, and we're going to run our scan. We're going to reuse the…

Contents