Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

How to Use Snyk to Scan Images for Vulnerabilities

  • March 12, 2020
  • 4 min read
Cybersecurity Consultant. Benoit has extensive experience in cybersecurity strategy, infrastructure project management, and IT system engineering. He is a certified ISO 27001 Lead Implementer.
Cybersecurity Consultant. Benoit has extensive experience in cybersecurity strategy, infrastructure project management, and IT system engineering. He is a certified ISO 27001 Lead Implementer.


Scanning your images to verify that they are free of known vulnerabilities or exposures to enhance your security posture.

Snyk integrates with many different systems to offer a centralized security console. In this article we will first use Snyk

Assumption

  • Azure Container Registry (ACR) already exists
  • Admin user in your ACR is enabled and you have the credentials to connect to the registry
  • You already have a SNYK account (if not then create one at this address https://app.snyk.io/signup
  • Your images are pushed to the ACR. As a reminder, in order to push your images to ACR, use the following commands

Configure SNYK to integrate with your ACR

1. Go to Settings > Integrations then click on Edit settings for ACR

Configure SNYK to integrate with your ACR2. Enter the required information to connect to your ACR (information available in Settings > Access Keys of your ACR on the Azure portal)

Settings > Access Keys

3. Click on Save

Select the images to scan

Now that the integration with your ACR is done, you can add the images you need to scan

1. Click on Add your ACR images to Snyk

Click on Add your ACR images to Snyk

2. Select the image(s) you want to add and click on Add selected repositories

Add selected repositories

Once added, Snyk will start scanning your image(s), which might take a bit of time.

Dashboard

Once the image(s) has been added to Snyk, you can navigate to the dashboard to see the reports and the vulnerabilities found.

Navigate to the dashboard

Click on a specific image to see all the details

Arbitrarry Code Injection

Hey! Found Benoit’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!