CVE Scanning and Guided Remediation with OSV Scanner

Figure 1. OSV Scanner

Security is a critical aspect of software development, and staying ahead of vulnerabilities is essential for us application developers. Google’s OSV Scanner is a powerful tool that helps detect vulnerabilities in open-source dependencies. This article will guide us through setting up and using OSV Scanner to secure our projects, scanning for invalid licenses, scanning OCI images and, finally, fixing findings via guided remediation. ...

March 28, 2025 · 8 min · 1577 words · Micha Kops

Docker Snippets

Restrict Network

Can be useful when using a third-party image that we do not trust.

Run with no network

    docker run --network none <image>

Run with private isolated network

At least containers attached to this network can talk with one another.

    docker network create --internal my_isolated_network
    docker run --network my_isolated_network <image>

Block using firewall

E.g. using iptables or ipfw.

    # Get container's IP
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_name>
    # Block all outbound connections from that IP
    sudo iptables -I DOCKER-USER -s <container_ip> -j DROP

...

March 1, 2010 · 3 min · 452 words · Micha Kops