How To Rapidly Evaluate Docker Images

Learn how you can quickly discover and assess the suitability of Docker images for your specific needs, ensuring a streamlined and reliable evaluation process. 🐋

Christian Schou

Are you looking for a way to quickly assess Docker images for your projects? Using Docker Scout and Docker Official Images, we can do that quickly and without many complex operations. 🥳

I often encounter threads with people asking if it's the right image they are choosing for their projects and I tell them all the same, use the scanner and verify the image. ✅

Alright - that sounds easy, how can I do that Christian? I'm glad you asked 😅 In this short Docker tutorial I will teach you briefly about Docker Official Images and Docker Scout.

What are Docker Official Images?

Docker official images are like these ready-made, super reliable building blocks for your apps, and they come straight from the folks at Docker. Instead of starting from scratch, you get these pre-set images that cover everything from operating systems to cool software tools.

It's like having a shortcut to get your apps up and running without the headache of setting everything up yourself. These images are a result of teamwork between Docker and the original software creators, so you know they're legit.

Wanna know the best part? You can find them all on Docker Hub, which is like this massive library of these tried-and-true images. So, instead of spending hours setting up your tech stack, you can dive right into building your awesome app with a solid foundation. Easy peasy!


Alright - how can we take advantage of Docker Hub and use it to help us find the right image for our project?

Searching for Docker Images at Docker Hub

When I am not making DevOps stuff I am writing API backends in .NET and C#. To expose a .NET Core API you can use a webserver like nginx if not relying on the one built in. So let's imagine we would like to incorporate nginx into our .NET Core Web API project.

That would require us to search for an Nginx image. I always want the official images if they are available. Below is a command for searching official Nginx images and displaying the details in the terminal.

docker search --filter "is-official=true" --format "table {{.Name}}\t{{.Description}}\t{{.StarCount}}" nginx

The output? You got it right here:

NAME      DESCRIPTION                                     STARS
nginx     Official build of Nginx.                        19433
unit      Official build of NGINX Unit: Universal Web …   20

As you can see, we got a response from Docker Hub showing only the official Docker images for nginx, along with the name, description, and number of stars for each image.

Get Docker Image Tags Using curl and jq

Let's continue with the nginx image as it got the most stars and it is the official image of Nginx. When building images I prefer to know the version of all images, services, etc... so let's use the API for Docker Hub one more time to get the available tags for the nginx image.

The official URL for retrieving details about the nginx image from Docker Hub is: https://registry.hub.docker.com/v2/repositories/library/nginx/tags/

If we access that URL, we are presented with plain JSON, like below.

{
   "count":560,
   "next":"https://registry.hub.docker.com/v2/repositories/library/nginx/tags/?page=2&page_size=10",
   "previous":null,
   "results":[
      {
         "creator":2215,
         "id":10128273,
         "images":[
            {
               "architecture":"amd64",
               "features":"",
               "variant":null,
               "digest":"sha256:5fe47c7e5c57bcf6d5c6f0b8bb7faf826dd734025dc08e35f4fcb587fabdfb4a",
               "os":"linux",
               "os_features":"",
               "os_version":null,
               "size":68303871,
               "status":"active",
               "last_pulled":"2024-01-05T13:11:31.103333Z",

...

Okay, let's use jq and curl to get that data into our terminal. To install jq, run the following command in your terminal (Debian/Ubuntu).

sudo apt install jq

Now run the following command in your terminal to get the tags from the API response at Docker Hub.

curl -s "https://registry.hub.docker.com/v2/repositories/library/nginx/tags/" | jq -r '.results[].name'

This will give us a response like the following:

root@devopsspace-ubuntu:/# curl -s "https://registry.hub.docker.com/v2/repositories/library/nginx/tags/" | jq -r '.results[].name'
stable-perl
stable-bullseye-perl
1.24.0-perl
1.24.0-bullseye-perl
1.24-perl
1.24-bullseye-perl
1-perl
1-bookworm-perl
perl
mainline-perl
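
The jq command above prints only the first page of results (the JSON reports a count of 560 and a next link), and a tag name can later be pointed at a different image, while the digest field identifies one exact image. The following added example (not part of the original tutorial) follows next across pages and builds digest-pinned references for one platform; it runs on a constructed two-page sample with placeholder digests, and the helper names are assumptions of this example.

```python
import json
import urllib.request

HUB = "https://registry.hub.docker.com/v2/repositories/library/nginx/tags/"

def _img(arch, fill, status="active"):
    # Constructed image entry; the digest is a placeholder, not a real one.
    return {"architecture": arch, "os": "linux", "status": status,
            "digest": "sha256:" + fill * 64}

# Constructed two-page sample in the shape of the Hub response shown above.
SAMPLE = {
    HUB: {"next": HUB + "?page=2&page_size=10", "results": [
        {"name": "1.24.0-perl", "images": [_img("amd64", "a"), _img("arm64", "b")]},
        {"name": "1.24-perl", "images": [_img("amd64", "c", "inactive")]}]},
    HUB + "?page=2&page_size=10": {"next": None, "results": [
        {"name": "stable-perl", "images": [_img("amd64", "a")]}]},
}

def hub_fetch(url):  # live fetch; the sample run below does not call it
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def iter_tags(fetch, url):
    """Yield every tag record, following "next" until it is null."""
    while url:
        page = fetch(url)
        yield from page["results"]
        url = page.get("next")

def pinned_refs(tags, repo, arch="amd64", os_name="linux"):
    """Return {tag: "repo:tag@sha256:..."} for active images of one platform."""
    refs = {}
    for tag in tags:
        for img in tag.get("images", []):
            if ((img.get("architecture"), img.get("os")) == (arch, os_name)
                    and img.get("status") == "active" and img.get("digest")):
                refs[tag["name"]] = f"{repo}:{tag['name']}@{img['digest']}"
    return refs

def aliases(refs):
    """Group tag names that currently resolve to the same digest."""
    groups = {}
    for name, ref in refs.items():
        groups.setdefault(ref.split("@", 1)[1], []).append(name)
    return {d: sorted(n) for d, n in groups.items() if len(n) > 1}

if __name__ == "__main__":
    print(pinned_refs(iter_tags(SAMPLE.__getitem__, HUB), "nginx"))
```

With network access, pass hub_fetch instead of SAMPLE.__getitem__ and give the resulting repo:tag@sha256 reference to docker pull.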

Pull The Docker Image From Docker Hub Using Tag

Now you can select any version/tag of nginx you would like. I always select the latest available version of the image. So let's continue with 1.24.0-perl and pull that image from Docker Hub.

docker pull nginx:1.24.0-perl

You should get a response like the following:

[Screenshot: Pull Nginx Docker Image from Docker Hub]

Did you notice the message "What's Next?" - Docker Scout... A tool to view a summary and vulnerabilities of the image.

What is Docker Scout And How To Use It?

Docker Scout analyzes your images to help you understand their dependencies and potential vulnerabilities.

If you have a running installation of Docker Desktop you will also have Docker Scout. It's a plugin bundled with Docker Desktop and it can help us engineers analyze the container images we find on the internet and plan to use. Wooha! 🥳

Let's run the proposed docker command from the terminal window and see Docker Scout in action analyzing our nginx Docker image.

docker scout quickview nginx:1.24.0-perl

This will quickly analyze our image and output the following response:

[Screenshot: Docker Scout Analyzing nginx image]

What do the different numbers, letters and colors mean, you may ask? They are the number of vulnerabilities in the image at each severity level. Let me explain them one by one:

  • 1C = 1 critical vulnerability.
  • 0H = 0 high vulnerabilities.
  • 1M = 1 medium vulnerability.
  • 39L = 39 low vulnerabilities.

Are you interested in the CVEs in the image?

No problem! Docker Scout can also provide these details for us. 😊 Run the following command to view the CVEs in the image. 🤯

docker scout cves nginx:1.24.0-perl
[Screenshot: Docker Scout CVES - Nginx 1.24.0-perl]

If you click the link for the CVE, you will be presented with a summary of the CVE, a score, and more details on Docker's website. It's pretty awesome and provides just the details we need.

CVE-2023-46218
View details on CVE-2023-46218, including its impact, common weakness enumeration, severity scores, and more from a library of trusted sources.

Summary

In this Docker tutorial, you have learned how to use curl and jq to query the Docker Hub API and request details about Docker Images along with tags.

Docker Hub provides us with some great details about the official images, vulnerabilities, CVEs, etc... The awesome part about Docker Scout is that you can integrate it into other solutions like your own private registry, pipelines, etc...

If you learned something from this tutorial, share it with your Docker friends, they might learn something and it's free ✌️ If you have any questions, please let me know in the comments below. Until next time, happy Dockerizing! 🥳🐋