Custom Approaches to Vulnerability Detection in Docker Containers

Background: Dedicated scanners for Docker images and containers are readily available today. But what if you do not have the budget to acquire such tools? In this article I explain the approach and the underlying principles for detecting vulnerabilities inside Docker containers without relying on commercial solutions.

Approach:

One of the main challenges is how to extract the inventory of installed software from a Docker image, together with an identifier for the image itself. The image identifier (tag and digest) can be read from the image metadata. Record it in a database first, so that the package and vulnerability data collected in the following steps can be associated with the exact image they came from.

Vulnerability retrieval: First find the ID (or name) of the running container. Then, if the container's Linux distribution uses dpkg (Debian, Ubuntu and derivatives), run the first command below to list installed packages; on other distributions use the equivalent package manager query instead (for example apk info -v on Alpine or rpm -qa on RPM-based systems). The second command records executables installed by hand under /usr/local/bin and /opt, which no package manager knows about, so their versions have to be determined separately. Note the sh -c wrapper: without it the redirection is interpreted by your host shell and the file lands in /tmp on the host, not inside the container, and the docker cp step below fails. Write the results to a directory inside the container:

docker exec <container_name> sh -c 'dpkg -l > /tmp/installed_apt_packages.txt'
docker exec <container_name> sh -c 'find /usr/local/bin /opt -type f -executable > /tmp/manual_installs.txt'

In the last step, copy the text files from the container to the host where Docker is running. The path and file name must match what was written inside the container (the original text used installed_apk_packages.txt here, which does not match the file created above); repeat the command for manual_installs.txt.

docker cp <container_id>:/tmp/installed_apt_packages.txt ./installed_apt_packages.txt

Then parse the package list into (name, version) pairs and query the National Vulnerability Database (NVD) for each. Two caveats matter here. NVD records are keyed by CPE names that carry the upstream version, whereas dpkg versions include an epoch and a distribution revision (for example 7.81.0-1ubuntu1.15), so strip both before matching and treat any hit as a candidate rather than a confirmed vulnerability: distributions backport security fixes without changing the upstream version, so each candidate should be confirmed against the distribution's own security tracker. The NVD API is also rate-limited for unauthenticated clients, so request an API key if you scan many images. Store the resulting findings in the database and associate them with the image tag and digest recorded earlier.
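The parsing and NVD lookup steps above, as an added example (my code, not from the original article). It assumes dpkg -l output from a Debian/Ubuntu-based image. The sample dpkg output and the NVD response are constructed, and the placeholder CVE id is not a real advisory; the query parameter (virtualMatchString) and the response layout follow the NVD CVE API 2.0 as documented, so check them against the current documentation before relying on them.

```python
"""Added example: parse `dpkg -l` output and map packages to NVD CVE candidates."""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

NVD_CVE_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def parse_dpkg_list(text: str) -> List[Dict[str, str]]:
    """Return installed packages from `dpkg -l` output. Only status 'ii' rows
    (installed and configured) count; 'rc' rows are removed packages."""
    pkgs, in_table = [], False
    for line in text.splitlines():
        if line.startswith("+++"):
            in_table = True  # the '+++-===' separator precedes the package rows
            continue
        if not in_table or not line.strip():
            continue
        fields = line.split(None, 4)  # status, name, version, arch, description
        if len(fields) < 4 or fields[0] != "ii":
            continue
        name = fields[1].split(":")[0]  # drop multiarch qualifier, e.g. libssl3:amd64
        pkgs.append({"name": name, "version": fields[2], "arch": fields[3]})
    return pkgs


def upstream_version(deb_version: str) -> str:
    """Strip Debian epoch and revision: '1:7.81.0-1ubuntu1.15' -> '7.81.0'.
    NVD CPE names carry the upstream version only; the revision is where distro
    security backports live, so an NVD hit is a candidate, not a confirmed finding."""
    v = deb_version.split(":", 1)[1] if ":" in deb_version else deb_version
    return v.rsplit("-", 1)[0] if "-" in v else v


def nvd_query_url(product: str, version: str) -> str:
    """Build an NVD CVE API 2.0 query using a partial CPE 2.3 match string."""
    match = f"cpe:2.3:a:*:{product}:{version}"
    return NVD_CVE_API + "?" + urllib.parse.urlencode({"virtualMatchString": match})


def fetch_nvd(url: str, api_key: Optional[str] = None) -> dict:
    """Live lookup (needs network). NVD rate-limits unauthenticated clients;
    an API key goes in the 'apiKey' header for a higher quota."""
    req = urllib.request.Request(url)
    if api_key:
        req.add_header("apiKey", api_key)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def cves_from_response(data: dict) -> List[Dict[str, object]]:
    """Pull CVE id and CVSS v3.1 base score out of an NVD API 2.0 response."""
    out = []
    for item in data.get("vulnerabilities", []):
        cve = item.get("cve", {})
        metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
        score = metrics[0].get("cvssData", {}).get("baseScore") if metrics else None
        out.append({"id": cve.get("id"), "score": score})
    return out


def scan(dpkg_text: str, lookup: Callable[[str], dict]) -> List[Dict[str, object]]:
    """Map every installed package to its candidate CVEs via `lookup(url)`."""
    findings = []
    for pkg in parse_dpkg_list(dpkg_text):
        up = upstream_version(pkg["version"])
        for cve in cves_from_response(lookup(nvd_query_url(pkg["name"], up))):
            findings.append({"package": pkg["name"], "installed": pkg["version"],
                             "upstream": up, **cve})
    return findings


# Constructed sample of `dpkg -l` output (not captured from a real container).
SAMPLE_DPKG = """\
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name            Version              Architecture Description
+++-===============-====================-============-===========================
ii  curl            7.81.0-1ubuntu1.15   amd64        command line tool for transferring data
ii  libssl3:amd64   3.0.2-0ubuntu1.10    amd64        Secure Sockets Layer toolkit - shared libraries
rc  oldtool         1.0-1                amd64        removed, config files remain
"""

# Constructed stand-in for NVD responses, keyed by query URL so scan() runs
# offline. The CVE id is a placeholder, not a real advisory.
FAKE_NVD = {
    nvd_query_url("curl", "7.81.0"): {"vulnerabilities": [{"cve": {
        "id": "CVE-0000-0001",
        "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.5}}]}}}]},
}


def offline_lookup(url: str) -> dict:
    return FAKE_NVD.get(url, {"vulnerabilities": []})


if __name__ == "__main__":
    # Swap offline_lookup for fetch_nvd to query the live NVD API.
    for finding in scan(SAMPLE_DPKG, offline_lookup):
        print(json.dumps(finding))
```

Running the script offline yields one candidate for curl and none for libssl3; with fetch_nvd in place of offline_lookup the same scan() runs against the live API. Each finding carries both the installed Debian version and the stripped upstream version, which is what you need when confirming a candidate against the distribution's security tracker before storing it against the image in your database.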

Conclusion: By leveraging standard Linux utilities and publicly available vulnerability databases, it is possible to build an effective in-house process for detecting vulnerabilities in Docker images—without costly commercial tools. Extracting version and package data, analyzing results against the NVD, and storing findings in a database enables you to maintain visibility and security across your containerized environments, even on a limited budget.