Docker has a Security Scanning service for docker images of the Docker Official repository.
Is there any plan to submit the grafana/grafana Docker image to the Docker Official repository to use this service as well?
Docker Hub is not the only one that provides security scanning of Docker images:
- The CoreOS community has its own free tool, Clair (integrated into CoreOS Quay)
- commercial tools: Black Duck, …
I do not want to disappoint you, but almost all Docker images based on OS Docker images are vulnerable. Only Alpine keeps their Docker image “secure”.
Grafana uses debian:stretch-slim as a base image, so the final Grafana image inherits at least the base OS image's security issues: https://hub.docker.com/r/library/debian/tags/stretch-slim/
Thank you for the alternative tools/services for security scanning.
You are right that most Docker images based on OS Docker images are currently vulnerable.
It is just a proposal, as I think it is a useful service from Docker Hub.