Docker Integration
Rorix scans your Docker images for base image vulnerabilities, security misconfigurations, and best practice violations.
Dashboard Usage
- Navigate to Projects in your Rorix dashboard
- Click Add Project and select Docker Image
- Enter the image name (e.g., myapp:latest or a registry URL)
- Rorix pulls and analyzes the image layers
What Rorix Checks
Base Image CVEs
Rorix scans the base image OS packages and installed runtime dependencies for known vulnerabilities from the NVD and other advisory databases.
Multi-Stage Build Analysis
Rorix verifies that your Dockerfile uses multi-stage builds correctly:
- Build-time dependencies are not present in the final image
- Debug tools and SDKs are excluded from production layers
- The final stage uses a minimal base image
Security Practices
- Running as a non-root user
- No secrets or credentials in image layers
- Minimal attack surface (unnecessary packages removed)
- Health checks defined
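To make the multi-stage and security-practice checks above concrete, here is an added example (not Rorix's code) of a small static checker that parses a Dockerfile and reports the same classes of issues: build-stage content in the final image, a root runtime user, a missing HEALTHCHECK, and secret-looking ENV/ARG values. The finding ids and the sample Dockerfile are constructed for this example.

```python
import re

# Constructed sample (not a real project): two-stage .NET build that misses three of the checks above.
SAMPLE_DOCKERFILE = """\
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
COPY . /src
RUN dotnet publish /src -c Release -o /app
FROM mcr.microsoft.com/dotnet/aspnet:8.0
ENV API_KEY=rxk_hardcoded_example
COPY --from=build /app /app
ENTRYPOINT ["dotnet", "/app/myapp.dll"]
"""
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_?key|private_key)", re.I)

def parse_stages(dockerfile):
    """Split a Dockerfile into stages: one {'base', 'alias', 'instructions'} dict per FROM."""
    stages = []
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, *args = line.split()
        if instr.upper() == "FROM":
            alias = args[2] if len(args) >= 3 and args[1].upper() == "AS" else None
            stages.append({"base": args[0], "alias": alias, "instructions": []})
        elif stages:
            stages[-1]["instructions"].append((instr.upper(), args))
    return stages

def check_dockerfile(dockerfile):
    """Return finding ids (hypothetical, not Rorix's) for the practices listed above."""
    stages = parse_stages(dockerfile)
    if not stages:
        return ["NO-FROM"]
    findings, final = [], stages[-1]
    aliases = {s["alias"] for s in stages[:-1] if s["alias"]}
    # Multi-stage: the final stage must not inherit a build stage or an SDK image
    if final["base"] in aliases or "sdk" in final["base"].lower():
        findings.append("BUILD-DEPS-IN-FINAL")
    # Non-root: the last USER instruction in the final stage sets the runtime identity
    users = [a[0] for i, a in final["instructions"] if i == "USER" and a]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append("RUNS-AS-ROOT")
    if not any(i == "HEALTHCHECK" for i, _ in final["instructions"]):
        findings.append("NO-HEALTHCHECK")
    # Secrets in ENV/ARG values survive in image layers and `docker history`
    if any(i in ("ENV", "ARG") and SECRET_NAME.search(t.split("=", 1)[0])
           for s in stages for i, a in s["instructions"] for t in a if "=" in t):
        findings.append("SECRET-IN-LAYER")
    return findings
```

Running check_dockerfile(SAMPLE_DOCKERFILE) reports the root user, the missing health check and the baked-in API key; adding a USER and HEALTHCHECK to the final stage and moving the key to a runtime secret clears all three.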
Docker Compose
When a docker-compose.yml is detected, Rorix analyzes:
- Service-level security configurations
- Network isolation between services
- Volume mount permissions
- Exposed ports
API Usage
Scan a Docker image via the API:
curl -X POST https://rorix.io/api/docker/scan \
-H "Authorization: Bearer rxk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"image": "mcr.microsoft.com/dotnet/aspnet:8.0",
"tag": "latest"
}'
Suppressing Findings
To suppress specific findings, add a .rorix-ignore file to your project:
# .rorix-ignore
docker:
  - id: CVE-2024-1234
    reason: "Mitigated by network policy"
  - id: DOCKER-001
    reason: "Root required for port binding"