
You want to automate vulnerability scanning in your CI pipeline for image webapp:prod. Which approach is best?

hard📝 Best Practice Q15 of 15
Docker - Security
A. Add a step to run <code>docker scan webapp:prod</code> and fail if vulnerabilities found
B. Only scan images manually before deployment
C. Use <code>docker build</code> with a scan flag to auto-scan
D. Ignore scanning and rely on OS firewall for security
Step-by-Step Solution
Solution:
  1. Step 1: Understand automation needs

    Automating scanning in CI means running docker scan during build or test steps.
  2. Step 2: Evaluate options

    Manual scanning misses automation benefits; docker build has no scan flag; ignoring scanning is unsafe.
  3. Final Answer:

    Add a step to run docker scan webapp:prod and fail if vulnerabilities found -> Option A
  4. Quick Check:

    Automate scan + fail on issues = best practice [OK]
Quick Trick: Automate scans in CI, fail on vulnerabilities [OK]
Common Mistakes:
  • Skipping automation and scanning manually
  • Expecting docker build to scan automatically
  • Ignoring scanning for security
