
I am looking into Nexus Repository Pro to be used as a Docker container image registry.

As I understand it, it can do vulnerability scanning, but can it also check if containers run under the root user?

Is it possible to validate with such a rule?

Is it also possible to do version check, e.g. if a container base image has updates?

4integration

1 Answer


NXRM doesn't do anything but store the images and provide them on request.

If you are using a Docker proxy, you can search to see if new images are available via the CLI but there is nothing in NXRM that will automatically (automagically) relay this for you. It is basically an interim service between you and the proxied location (often docker hub).

FYI, vulnerability scanning is done by the sister application: Lifecycle. There are aspects of it that work with OSS as well. This doesn't answer your question, but since you made a statement in the description that isn't fully accurate, I thought you (or others) might be interested.

joedragons
  • Thanks. To me it looks like vulnerability scanning is included in Nexus Repository Manager Pro as Repository Health Check (RHC), see https://www.sonatype.com/product-nexus-repository. Also, I get a bit confused when looking at the website and the button on top "Free App Scan", https://www.sonatype.com/appscan. It is pretty difficult to get a good view of Nexus products. – 4integration Feb 28 '20 at 07:02
  • @4integration Sorry you're right. When you said scanning, I thought you meant as stuff comes in, which is the "simple" distinction between Lifecycle and RHC (the latter just being a report of items in the repositories). The Free App Scan is just one item at a time. I hope that helps somewhat. – joedragons Feb 29 '20 at 02:53
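Since the registry itself only stores and serves images, the two checks the question asks for (does the image run as root, and is its base image behind upstream) have to be done by something that reads the image config blob, for example a CI step or an admission check in front of the registry. The following is an added example written for this answer, not Sonatype's or Nexus's code. It evaluates the real OCI image-config fields (`config.User`, `config.Labels`) and the pre-defined OCI base-image annotation keys, which an image only carries if its build tool wrote them. The image blobs, digests and the `UPSTREAM` table are constructed here; in practice the current upstream digest comes from a `HEAD /v2/<name>/manifests/<tag>` request to the registry (its `Docker-Content-Digest` response header). Function names such as `user_verdict` and `evaluate` are this example's own.

```python
"""Policy checks over an OCI/Docker image config blob (added example, not Nexus code):
1. would the container start as root?   2. is the recorded base image behind upstream?
"""
import json

# Pre-defined OCI image-spec annotation keys (present only if the build tool set them).
BASE_NAME = "org.opencontainers.image.base.name"
BASE_DIGEST = "org.opencontainers.image.base.digest"


def user_verdict(user_field):
    """Classify the image's USER setting from the config blob alone.

    "root"       -> container starts as UID 0 (empty USER means the runtime default, root)
    "non-root"   -> a non-zero numeric UID is set
    "named-user" -> a user name other than "root"; it can only be resolved against the
                    rootfs /etc/passwd, so a config-only check must not call it safe outright
    """
    user = (user_field or "").strip().split(":", 1)[0]  # drop the optional ":group" part
    if user in ("", "root"):
        return "root"
    if user.isdigit():
        return "root" if int(user) == 0 else "non-root"
    return "named-user"


def base_image_status(labels, upstream_digests):
    """Compare the base-image digest recorded at build time with the current upstream digest.

    upstream_digests maps "registry/repo:tag" -> manifest digest currently served for that tag.
    """
    name = labels.get(BASE_NAME)
    recorded = labels.get(BASE_DIGEST)
    if not name or not recorded:
        return "unknown"        # image was built without base-image annotations
    current = upstream_digests.get(name)
    if current is None:
        return "unknown"        # upstream tag not resolvable (offline, renamed, removed)
    return "current" if current == recorded else "outdated"


def evaluate(config_json, upstream_digests):
    """Run both checks over one image config blob and list the policy violations."""
    cfg = json.loads(config_json).get("config") or {}
    findings = {
        "user": user_verdict(cfg.get("User", "")),
        "base_image": base_image_status(cfg.get("Labels") or {}, upstream_digests),
    }
    findings["violations"] = [k for k in ("user", "base_image")
                              if findings[k] in ("root", "outdated")]
    return findings


# Constructed sample data: placeholder digests, not real image content.
UPSTREAM = {"docker.io/library/alpine:3.11": "sha256:" + "b" * 64}

IMAGE_ROOT_OUTDATED = json.dumps({"config": {
    "User": "",
    "Labels": {BASE_NAME: "docker.io/library/alpine:3.11", BASE_DIGEST: "sha256:" + "a" * 64},
}})
IMAGE_OK = json.dumps({"config": {
    "User": "1000:1000",
    "Labels": {BASE_NAME: "docker.io/library/alpine:3.11", BASE_DIGEST: "sha256:" + "b" * 64},
}})
IMAGE_NO_LABELS = json.dumps({"config": {"User": "app"}})

if __name__ == "__main__":
    for label, blob in (("root+outdated", IMAGE_ROOT_OUTDATED),
                        ("ok", IMAGE_OK), ("no-labels", IMAGE_NO_LABELS)):
        print(label, evaluate(blob, UPSTREAM))
```

The three-way user verdict is deliberate: a named user that is not "root" is only safe if that name does not map to UID 0 in the image's `/etc/passwd`, so a gate that wants certainty should either require a numeric UID in the Dockerfile `USER` line or inspect the rootfs. The base-image check likewise reports "unknown" rather than "current" when the annotations are absent, so a missing label is never mistaken for a passing check.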