Process of a Docker Images Plugin Scan
The Docker Images plugin scan performs the following steps as it executes:
| Step | Description |
|---|---|
| 1 | Contacts the Code Insight server to validate the connection and download a scanner. |
| 2 | Extracts the Docker image file. (The extracted file hierarchy will be represented in the Codebase Files list in the Analysis Workbench.) |
| 3 | Finds the Docker image layer information via the manifest file. |
| 4 | Scans the extracted Docker image contents. |
| 5 | Adds any Syft findings from the image to the inventory list. |
| 6 | Sends the inventory results to the associated Code Insight instance. |
Note: Support for incremental rescans and the application of scan profile settings from the Code Insight project are both available starting with the Docker Images plugin version 2.3.1. See Application of Scan Profile Settings for details.
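To make steps 2 and 3 concrete, the following added example (not the plugin's own code) reads the manifest of an image archive and lists the files in each layer, flagging entry names that would escape the extraction directory. It assumes the image is a `docker save`-style tar with a top-level `manifest.json` whose entries carry a `Layers` array; the function names and the sample archive are constructed for illustration.

```python
import io, json, tarfile

def build_sample_image() -> bytes:
    """Constructed stand-in for a `docker save` archive (not a real image)."""
    def add(tar, name, data):
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    def layer(files):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w") as t:
            for n, d in files.items():
                add(t, n, d)
        return buf.getvalue()
    manifest = [{"Config": "config.json", "RepoTags": ["demo:1.0"],
                 "Layers": ["layer0/layer.tar", "layer1/layer.tar"]}]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        add(t, "manifest.json", json.dumps(manifest).encode())
        add(t, "layer0/layer.tar", layer({"etc/os-release": b"ID=demo\n"}))
        add(t, "layer1/layer.tar", layer({"app/lib.jar": b"PK", "../escape": b"x"}))
    return buf.getvalue()

def is_safe(name: str) -> bool:
    """Reject absolute paths and any '..' component before extraction."""
    return not name.startswith("/") and ".." not in name.split("/")

def list_layers(image_bytes: bytes):
    """Return [(layer_path, safe file names, rejected names)] in manifest order."""
    result = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        # manifest.json is a JSON array; each entry names its layer tars in order.
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_path in entry["Layers"]:
                with tarfile.open(fileobj=image.extractfile(layer_path)) as layer:
                    names = [m.name for m in layer.getmembers() if m.isfile()]
                result.append((layer_path,
                               [n for n in names if is_safe(n)],
                               [n for n in names if not is_safe(n)]))
    return result

if __name__ == "__main__":
    for path, files, rejected in list_layers(build_sample_image()):
        print(path, files, "rejected:", rejected)
```

The layer order in `Layers` is base first, so a file appearing in a later layer supersedes the same path in an earlier one.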