Skip to content

A Dockerfile that creates an image with known vulnerabilities.

Notifications You must be signed in to change notification settings

ianmiell/bad-dockerfile

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Bad Dockerfile

Overview

Reference Dockerfile containing software with known vulnerabilities.

Includes vulnerable binaries (bash shellshock, wget directory traversal) with CVE entries for testing Docker image scanning solutions.

For full details see: http://www.stindustries.net/docker/bad-dockerfile/

Created by Adrian Portelli.

Image available here: https://hub.docker.com/r/imiell/bad-dockerfile

But note that it's insecure!

How to

Pull an already-built image

docker pull imiell/bad-dockerfile

Build locally

If your build host can reach the Internet:

docker build -t imiell/bad-dockerfile ./

If your build host needs proxy settings to reach the Internet:

# Replace ... with exotic curl options for your build environment.
docker build -t imiell/bad-dockerfile --build-arg CURL_OPTIONS="..." ./

View labels

Each built image has labels that generally follow http://label-schema.org/

View a specific label, such as the image description:

docker inspect \
  -f '{{ index .Config.Labels "org.label-schema.description" }}' \
  imiell/bad-dockerfile

Query all the labels inside a built image:

docker inspect imiell/bad-dockerfile | jq -M '.[].Config.Labels'

About

A Dockerfile that creates an image with known vulnerabilities.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •