🐋🔒 DockerScan v2.0.5

The Most Comprehensive Docker Security Scanner

By Daniel Garcia (cr0hn)

🎯 What's Included

This release includes pre-compiled binaries for:

• Linux: amd64, arm64, 386
• macOS: amd64 (Intel), arm64 (Apple Silicon)
• Windows: amd64, arm64, 386
• FreeBSD: amd64

🚀 Quick Start

Linux / macOS

# Download (replace with your platform)
curl -L https://github.com/cr0hn/dockerscan/releases/download/v2.0.5/dockerscan-linux-amd64 -o dockerscan

# Verify checksum (recommended)
curl -L https://github.com/cr0hn/dockerscan/releases/download/v2.0.5/checksums.txt -o checksums.txt
sha256sum -c checksums.txt --ignore-missing

# Make executable and install
chmod +x dockerscan
sudo mv dockerscan /usr/local/bin/

# Run
dockerscan nginx:latest

Windows (PowerShell)

Invoke-WebRequest -Uri "https://github.com/cr0hn/dockerscan/releases/download/v2.0.5/dockerscan-windows-amd64.exe" -OutFile "dockerscan.exe"
.\dockerscan.exe nginx:latest

🌟 Features

✅ CIS Docker Benchmark v1.7.0 - 80+ automated compliance checks
✅ Supply Chain Attack Detection - Based on 2024-2025 research
✅ Advanced Secrets Detection - 40+ secret patterns (AWS, GCP, Azure, API keys, etc.)
✅ CVE Scanning - Critical 2024-2025 vulnerabilities
✅ Runtime Security - Linux capabilities, Seccomp, AppArmor, namespace analysis
✅ SARIF Output - GitHub Security, Azure DevOps, VS Code integration
✅ JSON Reports - Machine-readable format
✅ Beautiful CLI - Color-coded severity levels

📊 Security Coverage

• CIS Benchmark: Host config, daemon hardening, image best practices, runtime security
• Supply Chain: Imageless containers, crypto miners, backdoored libs, signature verification
• Secrets: Cloud credentials, API keys, private keys, JWT tokens, DB connections
• CVEs: CVE-2024-21626, CVE-2024-23651/52/53, CVE-2024-8695/96, CVE-2025-9074
• Runtime: Capabilities audit, Seccomp profiles, container escape detection

🔍 Example Usage

# Basic scan
dockerscan nginx:latest

# Specific scanners
dockerscan --scanners cis,secrets,vulnerabilities myapp:v1.0

# CI/CD integration
dockerscan myapp:latest
if [ $? -eq 2 ]; then
  echo "Critical vulnerabilities found!"
  exit 1
fi

📚 Documentation

• README - Complete documentation
• Use Cases - CI/CD, audits, compliance
• Architecture - Extensibility guide

🐛 Bug Reports & Feature Requests

Please report issues at: https://github.com/cr0hn/dockerscan/issues

📄 License

BSD-3-Clause License

👤 Author

Daniel Garcia (cr0hn)

• Website: https://cr0hn.com
• GitHub: https://github.com/cr0hn
• Twitter: @ggdaniel

⭐ If you find DockerScan useful, please star the repository!

Making Docker Security Accessible to Everyone