
Lab 7 - container image vulnerability scanning#622

Open
blxxdclxud wants to merge 17 commits into inno-devops-labs:main from blxxdclxud:feature/lab7

Conversation

@blxxdclxud

Goal

Lab 7 — container image vulnerability scanning, Docker host security benchmarking, and secure deployment configuration analysis for OWASP Juice Shop.

Changes

  • Added labs/submission7.md with full analysis for Tasks 1–3
  • Added labs/lab7/scanning/scout-cves.txt — Docker Scout CVE scan (11 Critical, 65 High)
  • Added labs/lab7/scanning/snyk-results.txt — Snyk scan (5 Critical, 44 High, with upgrade paths)
  • Added labs/lab7/scanning/dockle-results.txt — Dockle config assessment
  • Added labs/lab7/hardening/docker-bench-results.txt — CIS Docker Benchmark (45 PASS, 211 WARN)
  • Added labs/lab7/analysis/deployment-comparison.txt — three deployment profiles compared

Testing

  • Local testing performed
  • Verified the expected behavior

All three container profiles (default, hardened, production) returned HTTP 200. Docker Scout, Snyk, Dockle, and docker-bench-security all ran successfully against bkimminich/juice-shop:v19.0.0.

Artifacts & Screenshots

Scan outputs committed to labs/lab7/:

  • Docker Scout: 76 vulnerabilities (11C/65H) in 1004 packages
  • Snyk: 49 issues (5C/44H) with specific upgrade recommendations
  • CIS Benchmark: 45 PASS, 211 WARN, 0 FAIL
  • All 3 deployment profiles confirmed running and responding

Checklist

  • PR has a clear, descriptive title
  • Documentation updated if needed
  • No secrets or large temp files included

  • Task 1 done — Advanced Image Security & Configuration Analysis
  • Task 2 done — Docker Security Benchmarking & Assessment
  • Task 3 done — Secure Container Deployment Analysis
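The PR text names the tools (Docker Scout, Snyk, Dockle, docker-bench-security), the image (bkimminich/juice-shop:v19.0.0), the output paths under labs/lab7/ and the three deployment profiles, but not the commands or the profile definitions. The script below is an added example, not code from this PR or from the inno-devops-labs repository. It assumes: the flag sets for the `hardened` and `production` profiles (the PR only gives the names), port 3000 as Juice Shop's listen port, `http://127.0.0.1:3000/` as the health URL, and that a tmpfs on /tmp is enough write space for the app under `--read-only` (confirmed only by the HTTP 200 check; loosen with further `--tmpfs` mounts if the container exits). Docker, Snyk, Dockle and git are only invoked when `LAB7_RUN=1` is set, so the file can be sourced offline to inspect the profiles or to tally a saved Docker Scout report.

```shell
#!/bin/sh
# Added example for Lab 7 (not the PR's own code). Runs the four assessments
# against the image named in the PR, then deploys each profile and checks for
# HTTP 200. Profile flag sets, port and health URL are assumptions.
set -eu

IMAGE="bkimminich/juice-shop:v19.0.0"
OUT="labs/lab7"
HEALTH_URL="http://127.0.0.1:3000/"   # assumed: Juice Shop listens on 3000

# Flags defining each deployment profile (assumed; the PR gives only the names).
# "default" is what the scanner findings apply to as-is. "hardened" adds the
# container-runtime controls CIS Docker Benchmark section 5 checks for;
# "production" additionally pins a read-only rootfs, an explicit non-root UID
# (the image already sets USER 65532) and a restart policy.
profile_flags() {
  case "$1" in
    default)
      echo "-p 3000:3000" ;;
    hardened)
      echo "-p 127.0.0.1:3000:3000 --cap-drop=ALL --security-opt=no-new-privileges:true --pids-limit=200 --memory=512m --cpus=1" ;;
    production)
      echo "-p 127.0.0.1:3000:3000 --cap-drop=ALL --security-opt=no-new-privileges:true --pids-limit=200 --memory=512m --cpus=1 --read-only --tmpfs /tmp:rw,noexec,nosuid --user 65532:65532 --restart=on-failure:3" ;;
    *)
      echo "unknown profile: $1" >&2; return 1 ;;
  esac
}

# Image scans; Snyk and Dockle exit non-zero when they find issues, which is
# the expected outcome here, so their status is ignored and the text is kept.
run_scans() {
  mkdir -p "$OUT/scanning"
  docker scout cves "$IMAGE"      | tee "$OUT/scanning/scout-cves.txt"
  snyk container test "$IMAGE"    | tee "$OUT/scanning/snyk-results.txt" || true
  dockle "$IMAGE"                 | tee "$OUT/scanning/dockle-results.txt" || true
}

# Host benchmark, run the way the docker-bench-security README documents
# (clone and run the script as root); it audits the daemon, not the image.
run_bench() {
  mkdir -p "$OUT/hardening"
  [ -d docker-bench-security ] || git clone https://github.com/docker/docker-bench-security.git
  (cd docker-bench-security && sudo sh docker-bench-security.sh) | tee "$OUT/hardening/docker-bench-results.txt"
}

# Start one profile, poll until it answers (Juice Shop needs a few seconds),
# report the status code, tear down. Returns non-zero unless it reached 200.
deploy_and_check() {
  profile="$1"; name="juice-$1"; code=000
  docker rm -f "$name" >/dev/null 2>&1 || true
  # shellcheck disable=SC2046 -- the flag string is deliberately word-split
  docker run -d --name "$name" $(profile_flags "$profile") "$IMAGE" >/dev/null
  for _ in $(seq 1 30); do
    code=$(curl -s -o /dev/null -w '%{http_code}' "$HEALTH_URL" || echo 000)
    [ "$code" = 200 ] && break
    sleep 2
  done
  echo "$profile: HTTP $code"
  docker rm -f "$name" >/dev/null
  [ "$code" = 200 ]
}

# Tally a saved Docker Scout text report, whose finding lines read
# "✗ CRITICAL CVE-... [title]" / "✗ HIGH CVE-...", into "critical=N high=N";
# this is where counts like the PR's 11C/65H come from.
scout_counts() {
  printf 'critical=%s high=%s\n' \
    "$(grep -c 'CRITICAL CVE-' "$1" || true)" \
    "$(grep -c 'HIGH CVE-' "$1" || true)"
}

if [ "${LAB7_RUN:-0}" = 1 ]; then
  run_scans
  run_bench
  for p in default hardened production; do deploy_and_check "$p"; done
  scout_counts "$OUT/scanning/scout-cves.txt"
fi
```

All three profiles bind the same host port, so they are deployed one after another rather than side by side; the default profile publishes on all interfaces, the other two only on loopback, which is the difference a network-level scan of the host would notice first.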

