• This repository has been archived on 29/Nov/2023
  • Stars
    star
    181
  • Rank 212,110 (Top 5 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 4 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images

Weekly Build

Docker Scan

โš ๏ธ

The docker scan command has been removed.

To continue learning about the vulnerabilities of your images, and many other features, use the new docker scout command.

Run docker scout --help, or learn more at https://docs.docker.com/engine/reference/commandline/scout/


Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images.

Table of Contents

How to use it

Login and Third Party Providers

You need to be logged into the Docker Hub in order to use the docker scan command. Docker Scan works with third party providers to detect vulnerabilities, the plugin will ask for your consent before sending any data to the provider.

$ docker scan hello-world
? Docker Scan relies upon access to Snyk a third party provider, do you consent to proceed using Snyk? (y/N)

Scanning

Docker Scan allows you to scan existing Docker images by name or ID.

  • You can then use docker scan DOCKER_IMAGE:
$  docker scan hello-world

  Testing hello-world...

  Organization:      docker-desktop-test
  Package manager:   linux
  Project name:      docker-image|hello-world
  Docker image:      hello-world
  Licenses:          enabled

  โœ“ Tested 0 dependencies for known issues, no vulnerable paths found.

  Note that we do not currently have vulnerability data for your image.

If you want more details, you can provide the Dockerfile used to create the image

  • the syntax is docker scan -f PATH_TO_DOCKERFILE DOCKER_IMAGE

If we apply the option to the current repository, we have:

$ docker scan -f Dockerfile docker-scan:e2e
Testing docker-scan:e2e
...
โœ— High severity vulnerability found in perl
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570802
  Introduced through: git@1:2.20.1-2+deb10u3, meta-common-packages@meta
  From: git@1:2.20.1-2+deb10u3 > [email protected]
  From: git@1:2.20.1-2+deb10u3 > [email protected] > [email protected]
  From: git@1:2.20.1-2+deb10u3 > [email protected] > perl/[email protected]
  and 3 more...
  Introduced by your base image (golang:1.14.6)



Organization:      docker-desktop-test
Package manager:   deb
Target file:       Dockerfile
Project name:      docker-image|99138c65ebc7
Docker image:      99138c65ebc7
Base image:        golang:1.14.6
Licenses:          enabled

Tested 200 dependencies for known issues, found 157 issues.

According to our scan, you are currently using the most secure version of the selected base image

When using the scan command with the -f flag, you can exclude the base image (i.e.: that specified in the Dockerfile with the FROM directive) vulnerabilities from your report by adding the --exclude-base tag.

$ docker scan -f Dockerfile --exclude-base docker-scan:e2e
Testing docker-scan:e2e
...
โœ— Medium severity vulnerability found in libidn2/libidn2-0
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
  Introduced through: iputils/iputils-ping@3:20180629-2+deb10u1, [email protected], [email protected]+deb10u1, git@1:2.20.1-2+deb10u3
  From: iputils/iputils-ping@3:20180629-2+deb10u1 > libidn2/[email protected]+deb10u1
  From: [email protected] > libidn2/[email protected]+deb10u1
  From: [email protected]+deb10u1 > curl/[email protected]+deb10u1 > libidn2/[email protected]+deb10u1
  and 3 more...
  Introduced in your Dockerfile by 'RUN apk add -U --no-cache wget tar'



Organization:      docker-desktop-test
Package manager:   deb
Target file:       Dockerfile
Project name:      docker-image|99138c65ebc7
Docker image:      99138c65ebc7
Base image:        golang:1.14.6
Licenses:          enabled

Tested 200 dependencies for known issues, found 16 issues.

You can also display the scan result as a JSON output by adding the --json flag to the command:

$ docker scan --json hello-world
{
  "vulnerabilities": [],
  "ok": true,
  "dependencyCount": 0,
  "org": "docker-desktop-test",
  "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.19.0\nignore: {}\npatch: {}\n",
  "isPrivate": true,
  "licensesPolicy": {
    "severities": {},
    "orgLicenseRules": {
      "AGPL-1.0": {
        "licenseType": "AGPL-1.0",
        "severity": "high",
        "instructions": ""
      },
      ...
      "SimPL-2.0": {
        "licenseType": "SimPL-2.0",
        "severity": "high",
        "instructions": ""
      }
    }
  },
  "packageManager": "linux",
  "ignoreSettings": null,
  "docker": {
    "baseImageRemediation": {
      "code": "SCRATCH_BASE_IMAGE",
      "advice": [
        {
          "message": "Note that we do not currently have vulnerability data for your image.",
          "bold": true,
          "color": "yellow"
        }
      ]
    },
    "binariesVulns": {
      "issuesData": {},
      "affectedPkgs": {}
    }
  },
  "summary": "No known vulnerabilities",
  "filesystemPolicy": false,
  "uniqueCount": 0,
  "projectName": "docker-image|hello-world",
  "path": "hello-world"
}

In addition to the --json flag, you can use the --group-issues flag to display only once a vulnerability

$ docker scan --json --group-issues docker-scan:e2e
{
    {
      "title": "Improper Check for Dropped Privileges",
      ...
      "packageName": "bash",
      "language": "linux",
      "packageManager": "debian:10",
      "description": "## Overview\nAn issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.\n\n## References\n- [CONFIRM](https://security.netapp.com/advisory/ntap-20200430-0003/)\n- [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2019-18276)\n- [GitHub Commit](https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff)\n- [MISC](http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html)\n- [MISC](https://www.youtube.com/watch?v=-wGtxJ8opa8)\n- [Ubuntu CVE Tracker](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-18276)\n",
      "identifiers": {
        "ALTERNATIVE": [],
        "CVE": [
          "CVE-2019-18276"
        ],
        "CWE": [
          "CWE-273"
        ]
      },
      "severity": "low",
      "severityWithCritical": "low",
      "cvssScore": 7.8,
      "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F",
      ...
      "from": [
        "docker-image|docker-scan@e2e",
        "[email protected]"
      ],
      "upgradePath": [],
      "isUpgradable": false,
      "isPatchable": false,
      "name": "bash",
      "version": "5.0-4"
    },
    ...
    "summary": "880 vulnerable dependency paths",
      "filesystemPolicy": false,
      "filtered": {
        "ignore": [],
        "patch": []
      },
      "uniqueCount": 158,
      "projectName": "docker-image|docker-scan",
      "platform": "linux/amd64",
      "path": "docker-scan:e2e"
}

You can find all the sources of the vulnerability in the from section.

If you want to see the dependency tree of your image, you can use the --dependency-tree flag, to display all the dependencies before the scan result

$ docker-image|99138c65ebc7 @ latest
     โ”œโ”€ ca-certificates @ 20200601~deb10u1
     โ”‚  โ””โ”€ openssl @ 1.1.1d-0+deb10u3
     โ”‚     โ””โ”€ openssl/libssl1.1 @ 1.1.1d-0+deb10u3
     โ”œโ”€ curl @ 7.64.0-4+deb10u1
     โ”‚  โ””โ”€ curl/libcurl4 @ 7.64.0-4+deb10u1
     โ”‚     โ”œโ”€ e2fsprogs/libcom-err2 @ 1.44.5-1+deb10u3
     โ”‚     โ”œโ”€ krb5/libgssapi-krb5-2 @ 1.17-3
     โ”‚     โ”‚  โ”œโ”€ e2fsprogs/libcom-err2 @ 1.44.5-1+deb10u3
     โ”‚     โ”‚  โ”œโ”€ krb5/libk5crypto3 @ 1.17-3
     โ”‚     โ”‚  โ”‚  โ””โ”€ krb5/libkrb5support0 @ 1.17-3
     โ”‚     โ”‚  โ”œโ”€ krb5/libkrb5-3 @ 1.17-3
     โ”‚     โ”‚  โ”‚  โ”œโ”€ e2fsprogs/libcom-err2 @ 1.44.5-1+deb10u3
     โ”‚     โ”‚  โ”‚  โ”œโ”€ krb5/libk5crypto3 @ 1.17-3
     โ”‚     โ”‚  โ”‚  โ”œโ”€ krb5/libkrb5support0 @ 1.17-3
     โ”‚     โ”‚  โ”‚  โ””โ”€ openssl/libssl1.1 @ 1.1.1d-0+deb10u3
     โ”‚     โ”‚  โ””โ”€ krb5/libkrb5support0 @ 1.17-3
     โ”‚     โ”œโ”€ libidn2/libidn2-0 @ 2.0.5-1+deb10u1
     โ”‚     โ”‚  โ””โ”€ libunistring/libunistring2 @ 0.9.10-1
     โ”‚     โ”œโ”€ krb5/libk5crypto3 @ 1.17-3
     โ”‚     โ”œโ”€ krb5/libkrb5-3 @ 1.17-3
     โ”‚     โ”œโ”€ openldap/libldap-2.4-2 @ 2.4.47+dfsg-3+deb10u2
     โ”‚     โ”‚  โ”œโ”€ gnutls28/libgnutls30 @ 3.6.7-4+deb10u4
     โ”‚     โ”‚  โ”‚  โ”œโ”€ nettle/libhogweed4 @ 3.4.1-1
     โ”‚     โ”‚  โ”‚  โ”‚  โ””โ”€ nettle/libnettle6 @ 3.4.1-1
     โ”‚     โ”‚  โ”‚  โ”œโ”€ libidn2/libidn2-0 @ 2.0.5-1+deb10u1
     โ”‚     โ”‚  โ”‚  โ”œโ”€ nettle/libnettle6 @ 3.4.1-1
     โ”‚     โ”‚  โ”‚  โ”œโ”€ p11-kit/libp11-kit0 @ 0.23.15-2
     โ”‚     โ”‚  โ”‚  โ”‚  โ””โ”€ libffi/libffi6 @ 3.2.1-9
     โ”‚     โ”‚  โ”‚  โ”œโ”€ libtasn1-6 @ 4.13-3
     โ”‚     โ”‚  โ”‚  โ””โ”€ libunistring/libunistring2 @ 0.9.10-1
     โ”‚     โ”‚  โ”œโ”€ cyrus-sasl2/libsasl2-2 @ 2.1.27+dfsg-1+deb10u1
     โ”‚     โ”‚  โ”‚  โ””โ”€ cyrus-sasl2/libsasl2-modules-db @ 2.1.27+dfsg-1+deb10u1
     โ”‚     โ”‚  โ”‚     โ””โ”€ db5.3/libdb5.3 @ 5.3.28+dfsg1-0.5
     โ”‚     โ”‚  โ””โ”€ openldap/libldap-common @ 2.4.47+dfsg-3+deb10u2
     โ”‚     โ”œโ”€ nghttp2/libnghttp2-14 @ 1.36.0-2+deb10u1
     โ”‚     โ”œโ”€ libpsl/libpsl5 @ 0.20.2-2
     โ”‚     โ”‚  โ”œโ”€ libidn2/libidn2-0 @ 2.0.5-1+deb10u1
     โ”‚     โ”‚  โ””โ”€ libunistring/libunistring2 @ 0.9.10-1
     โ”‚     โ”œโ”€ rtmpdump/librtmp1 @ 2.4+20151223.gitfa8646d.1-2
     โ”‚     โ”‚  โ”œโ”€ gnutls28/libgnutls30 @ 3.6.7-4+deb10u4
     โ”‚     โ”‚  โ”œโ”€ nettle/libhogweed4 @ 3.4.1-1
     โ”‚     โ”‚  โ””โ”€ nettle/libnettle6 @ 3.4.1-1
     โ”‚     โ”œโ”€ libssh2/libssh2-1 @ 1.8.0-2.1
     โ”‚     โ”‚  โ””โ”€ libgcrypt20 @ 1.8.4-5
     โ”‚     โ””โ”€ openssl/libssl1.1 @ 1.1.1d-0+deb10u3
     โ”œโ”€ gnupg2/dirmngr @ 2.2.12-1+deb10u1
    ...

Organization:      docker-desktop-test
Package manager:   deb
Project name:      docker-image|99138c65ebc7
Docker image:      99138c65ebc7
Licenses:          enabled

Tested 200 dependencies for known issues, found 157 issues.

If you want to only display some level of vulnerabilities, the --severity flag allows you to choose between 3 levels of vulnerabilities low,medium or high. By using this tag you will only report vulnerabilities of the provided level or higher.

$ docker scan --severity=medium docker-scan:e2e
./bin/docker-scan_darwin_amd64 scan --severity=medium docker-scan:e2e

Testing docker-scan:e2e...

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
 Description: Divide By Zero
 Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-466337
 Introduced through: gnupg2/[email protected]+deb10u1, [email protected]+deb10u1, [email protected]+deb10u1
 From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
 From: [email protected]+deb10u1 > subversion/[email protected]+deb10u1 > sqlite3/[email protected]
 From: [email protected]+deb10u1 > python-defaults/[email protected] > [email protected]+deb10u1 > python2.7/[email protected]+deb10u1 > sqlite3/[email protected]

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
 Description: Uncontrolled Recursion
...
โœ— High severity vulnerability found in binutils/binutils-common
 Description: Missing Release of Resource after Effective Lifetime
 Info: https://snyk.io/vuln/SNYK-DEBIAN10-BINUTILS-403318
 Introduced through: gcc-defaults/g++@4:8.3.0-1
 From: gcc-defaults/g++@4:8.3.0-1 > gcc-defaults/gcc@4:8.3.0-1 > [email protected] > [email protected] > binutils/[email protected]
 From: gcc-defaults/g++@4:8.3.0-1 > gcc-defaults/gcc@4:8.3.0-1 > [email protected] > [email protected] > binutils/[email protected] > binutils/[email protected]
 From: gcc-defaults/g++@4:8.3.0-1 > gcc-defaults/gcc@4:8.3.0-1 > [email protected] > [email protected] > binutils/[email protected] > binutils/[email protected]
 and 4 more...

Organization:      docker-desktop-test
Package manager:   deb
Project name:      docker-image|docker-scan
Docker image:      docker-scan:e2e
Platform:          linux/amd64
Licenses:          enabled

Tested 200 dependencies for known issues, found 37 issues.

Provider Authentication

If you have an existing Snyk account, you can directly use your auth token

$ docker scan --login --token PROVIDER_AUTH_TOKEN

You need to get a Snyk API token and then use it like this

$ docker scan --login --token c68dc480-27bd-45ee-9f5c-XXXXXXXXXXXX

Your account has been authenticated. Snyk is now ready to be used.

If you use the --login command without any token, you will be redirected to the Snyk website to login.

Install Docker Scan

On macOS & Windows:

Docker Desktop comes with Docker scan already installed. Just try to use the plugin, open a terminal and write the following command:

$ docker scan
Usage:    docker scan [OPTIONS] IMAGE

A tool to scan your images

Options:
      --accept-license    Accept using a third party scanning provider
      --dependency-tree   Show dependency tree with scan results
      --exclude-base      Exclude base image from vulnerability scanning (requires --file)
  -f, --file string       Dockerfile associated with image, provides more detailed results
      --json              Output results in JSON format
      --login             Authenticate to the scan provider using an optional token (with --token), or web base token if empty
      --reject-license    Reject using a third party scanning provider
      --token string      Authentication token to login to the third party scanning provider
      --version           Display version of the scan plugin

If you get the following error message, you're not using the latest version of Docker Desktop docker: 'scan' is not a docker command.

On Linux

Docker packaging on Linux comes with Docker scan plugin. You can simply install Docker following the standard linux install

Just try to use the plugin, open a terminal and type the following command:

$ docker scan
Usage:    docker scan [OPTIONS] IMAGE

If you get the following error message, you're not using the latest version of Docker on Linux docker: 'scan' is not a docker command.

Alternatively, you can manually install the scan docker plugin on top of your existing docker setup : Download the binary from the latest release and copy it in the cli-plugins directory

mkdir -p ~/.docker/cli-plugins && \
curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 -L -s -S -o ~/.docker/cli-plugins/docker-scan &&\
chmod +x ~/.docker/cli-plugins/docker-scan

How to build docker scan

You'll find all the commands to build, run and test Docker Scan inside the BUILDING.md file.

Contributing

Want to contribute to Docker Scan? Awesome! First be sure to read the Code of conduct. You can find information about contributing to this project in the CONTRIBUTING.md

More Repositories

1

awesome-compose

Awesome Docker Compose samples
HTML
34,762
star
2

compose

Define and run multi-container applications with Docker
Go
33,472
star
3

kitematic

Visual Docker Container Management on Mac & Windows
JavaScript
12,247
star
4

labs

This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
PHP
11,518
star
5

docker-bench-security

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Shell
9,038
star
6

dockercraft

Docker + Minecraft = Dockercraft
Lua
7,185
star
7

docker-py

A Python library for the Docker Engine API
Python
6,800
star
8

machine

Machine management for a container-centric world
Go
6,628
star
9

cli

The Docker CLI
Go
4,850
star
10

build-push-action

GitHub Action to build and push Docker images with Buildx
TypeScript
4,242
star
11

docs

Source repo for Docker's Documentation
Markdown
4,163
star
12

genai-stack

Langchain + Docker + Neo4j + Ollama
Python
3,907
star
13

buildx

Docker CLI plugin for extended build capabilities with BuildKit
Go
3,513
star
14

getting-started

Getting started with Docker
JavaScript
2,911
star
15

libchan

Like Go channels over the network
Go
2,470
star
16

for-mac

Bug reports for Docker Desktop for Mac
2,426
star
17

docker-install

Docker installation script
Shell
2,281
star
18

for-win

Bug reports for Docker Desktop for Windows
1,849
star
19

roadmap

Welcome to the Public Roadmap for All Things Docker! We welcome your ideas.
1,734
star
20

app

Make your Docker Compose applications reusable, and share them on Docker Hub
Go
1,575
star
21

compose-on-kubernetes

Deploy applications described in Compose onto Kubernetes clusters
Go
1,419
star
22

docker-credential-helpers

Programs to keep Docker login credentials safe by storing in platform keystores
Go
1,060
star
23

login-action

GitHub Action to login against a Docker registry
TypeScript
1,029
star
24

setup-buildx-action

GitHub Action to set up Docker Buildx
TypeScript
933
star
25

metadata-action

GitHub Action to extract metadata (tags, labels) from Git reference and GitHub events for Docker
TypeScript
888
star
26

libkv

Distributed key/value store abstraction library
Go
854
star
27

for-linux

Docker Engine for Linux
751
star
28

libcompose

*Unmaintained/Deprecated* An experimental go library providing Compose-like functionality
Go
585
star
29

setup-qemu-action

GitHub Action to install QEMU static binaries
TypeScript
431
star
30

welcome-to-docker

JavaScript
422
star
31

go-plugins-helpers

Go helper packages to extend the Docker Engine
Go
331
star
32

hub-tool

๐Ÿงช Docker Hub experimental CLI tool
Go
330
star
33

community

326
star
34

scout-cli

Docker Scout CLI
Shell
290
star
35

engine-api

DEPRECATED: Please see https://github.com/docker/docker/tree/master/client
Go
265
star
36

hub-feedback

Feedback and bug reports for the Docker Hub
233
star
37

doodle

A Home for Docker Doodles
Go
221
star
38

go-units

Parse and print size and time units in human-readable format
Go
215
star
39

go-connections

Utility package to work with network connections
Go
212
star
40

compose-switch

Go
199
star
41

go-docker

(Still WIP) Official Go SDK for Docker
Go
189
star
42

bake-action

GitHub Action to use Docker Buildx Bake as a high-level build command
TypeScript
176
star
43

gordon

Cli application to manage github pull requests
Go
176
star
44

docker-ce-packaging

Packaging scripts for Docker CE
Makefile
174
star
45

github-actions

โš ๏ธ This repository is deprecated and has been replaced by docker/build-push-action@v2
Go
163
star
46

sbom-cli-plugin

Plugin for Docker CLI to support SBOM creation using Syft
Go
153
star
47

extensions-sdk

Desktop Extensions SDK
142
star
48

hacktoberfest-2022

Docker Hacktoberfest 2022
140
star
49

go-events

Composable event distribution for Go
Go
131
star
50

node-sdk

Docker CLI gRPC JavaScript SDK
JavaScript
110
star
51

libtrust

Primitives for identity and authorization
Go
107
star
52

compose-ecs

Deploy compose application on ECS
Go
100
star
53

golang-cross

Dockerfile
97
star
54

getting-started-app

A simple application for the getting started guide in Docker's documentation
JavaScript
93
star
55

multi-container-app

EJS
88
star
56

volumes-backup-extension

Back up, clone, restore, and share Docker volumes effortlessly.
PLpgSQL
87
star
57

go-metrics

Package for metrics collection in Docker projects
Go
87
star
58

scout-action

Docker Scout GitHub Action
JavaScript
78
star
59

desktop-linux

Bug reports for Docker Desktop for Linux
76
star
60

containerd-packaging

Linux distro packaging for containerd
Shell
68
star
61

opensource

Contains documentation and scripts related to the management of Open Source at Docker
Go
63
star
62

dev-environments

63
star
63

actions-toolkit

Toolkit for Docker (GitHub) Actions
TypeScript
58
star
64

extension-ideas

A place to suggest new ideas for Docker Extensions and get new ideas of what to build for the larger Docker community
48
star
65

binfmt

Please use https://github.com/linuxkit/linuxkit/tree/master/pkg/binfmt instead of this repo
Go
44
star
66

dev-envs-extension

TypeScript
40
star
67

code-of-conduct

40
star
68

index-cli-plugin

Go
40
star
69

whalesay

A repository in support of the Docker's official whalesay image
Perl
39
star
70

labs-make-runbook

TypeScript
38
star
71

HttpOverStream

.NET library for using HTTP 1.1 over streams, especially Windows Named Pipes
C#
33
star
72

scout-demo-service

Dockerfile
33
star
73

buildkit-syft-scanner

BuildKit Syft scanner
Go
23
star
74

get-involved

Get Involved with Docker
CSS
23
star
75

getting-started-todo-app

Sample application to get started with Docker
JavaScript
23
star
76

babashka-pod-docker

Go
20
star
77

packaging

Docker Packaging (apk, deb, rpm, static)
Dockerfile
20
star
78

buildx-desktop

19
star
79

cli-docs-tool

Utilities to generate (reference) documentation for the docker CLI
Go
19
star
80

docker-nodejs-sample

A simple Node.js application for the guide in Docker's documentation
JavaScript
18
star
81

go

Go packages with small patches autogenerated (used for canonical/json)
Go
18
star
82

base-cli-plugin

Experimental Docker CLI plugin to detect base images
Go
16
star
83

notary-official-images

Shell
16
star
84

python-docker

A simple Python app for the Python Language Guide in Docker's Docs
Python
16
star
85

go-imageinspect

Go
15
star
86

docker-dotnet-sample

A simple .NET web application
HTML
14
star
87

github-actions-runner

Docker's containerized github-actions runner
Shell
13
star
88

labs-ai-tools-for-devs

Project AI For Devs (chat-sdlc) - AI agents running containerized tools
Clojure
13
star
89

dc23-secure-workshop

DockerCon 2023 Secure Development with Docker hands-on exercises code
Dockerfile
11
star
90

extensions-submissions

Submit your Docker Extension here
Shell
11
star
91

docker-php-sample

A simple PHP application
PHP
10
star
92

docker-vscode

The Docker VSCode EAP is an extension for VSCode which provides an early preview into new features by Docker.
10
star
93

python-docker-dev

A simple Python app for the Python Language Guide in Docker's Docs
Python
10
star
94

import-restrictions

Restrict imports in your go project
Go
9
star
95

desktop-action

Docker Desktop action
9
star
96

labs-tape

Tape is for packaging applications
Go
8
star
97

engine-sync

Sync moby/moby with docker/engine
Shell
8
star
98

database-extension

TypeScript
7
star
99

bindmount-apps

EJS
7
star
100

compose-desktop

5
star