
Scanning images for vulnerabilities in Docker - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
Output of Docker image vulnerability scan using Trivy
You run the command trivy image alpine:3.18 to scan the Alpine Linux Docker image for vulnerabilities. What is the expected type of output you will see?
trivy image alpine:3.18
A. A list of detected vulnerabilities with severity levels, package names, and fixed versions if available.
B. A summary showing only the total number of layers in the image without vulnerability details.
C. An error message stating 'image not found' because Alpine images cannot be scanned.
D. A JSON output showing only the image size and creation date without any vulnerability info.
💡 Hint
Trivy scans images and reports vulnerabilities with details like severity and fixes.
🧠 Conceptual
intermediate
Understanding vulnerability scanning in CI/CD pipelines
Why is it important to include Docker image vulnerability scanning as part of a CI/CD pipeline?
A. To detect and fix security issues early before deploying containers to production.
B. To increase the build time significantly for better resource usage.
C. To reduce the size of the Docker image by removing unused packages.
D. To automatically update the base image without manual intervention.
💡 Hint
Think about security risks and deployment safety.
Troubleshoot
advanced
Troubleshooting Trivy scan failure due to missing Docker daemon
You run trivy image myapp:latest on a server without Docker installed and get an error. What is the most likely cause?
trivy image myapp:latest
A. The network connection is down, so Trivy cannot reach the vulnerability database.
B. Trivy cannot find the Docker daemon to pull or inspect the image locally.
C. Trivy requires root privileges to run the scan and you ran it as a normal user.
D. The image name is invalid and Trivy cannot parse it.
💡 Hint
Trivy needs to access the image locally or remotely.
Configuration
advanced
Configuring Trivy to ignore low severity vulnerabilities
Which Trivy command option correctly configures the scan to report only vulnerabilities with severity HIGH or CRITICAL?
A. trivy image --severity-level HIGH,CRITICAL myapp:latest
B. trivy image --ignore-severity LOW,MEDIUM myapp:latest
C. trivy image --only-severity HIGH,CRITICAL myapp:latest
D. trivy image --severity HIGH,CRITICAL myapp:latest
💡 Hint
Check Trivy's official option for severity filtering.
Best Practice
expert
Best practice for scanning multi-stage Docker builds
In a multi-stage Dockerfile, which stage should you scan for vulnerabilities to ensure the final image is secure?
A. Only scan the final stage image because it is the one deployed.
B. Scan only the first stage since it contains the base OS.
C. Scan all stages separately to catch vulnerabilities in build dependencies.
D. Scanning is unnecessary for multi-stage builds as they are secure by default.
💡 Hint
Think about hidden vulnerabilities in build stages.