Creating a Python package for finding security vulnerabilities in Dockerfiles

Pranav Bhatia
2 min read · Jul 22, 2021


This article covers how to create a simple Python package that scans and analyzes your Dockerfile configuration. The focus is mostly on how to create a Python package, with a little on the various checks implemented so far (it is still a work in progress).

1. Creating the folder structure

This is what the folder structure should look like (you can also download it from the GitHub repository) —

Some of the files shown above are part of the use case. The first step is to create a folder called “docker_checks”. Inside this folder you need an __init__.py (in our case it is left empty). The folder also contains the Python files that make up the package. One of the sample check files looks like this —

Apart from that, outside the folder you should create a setup.py, which looks like this —

2. Installing the package and pushing the file to PyPI

Run the following commands in your terminal or cmd to build your package and upload it to the PyPI repository (you will need to create a PyPI account first):

python setup.py sdist bdist_wheel

twine upload dist/*

Once the upload finishes you can see the package in your repository on the PyPI portal. You can also check it by running —

pip3 install docker-checks==0.0.1

3. Testing out our package

In the GitHub repo, I have created a test.py that references the various Python files we have created and calls their main functions. In your terminal —

python3 test.py

In conclusion, the security checks deployed right now are very basic (for example, check_arg_env just displays a warning if it finds those keywords in the Dockerfile). If you want to contribute, simply fork the repo and create a PR.
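As an added example (not code from the article or its repository), here is what a check module in the spirit of check_arg_env could look like: it flags ARG and ENV variables whose names suggest a credential, joining backslash continuations so multi-line ENV blocks are covered. The SECRET_HINTS list and the sample Dockerfile are assumptions made for the demonstration.

```python
import re
import shlex

# Variable-name fragments that suggest a credential (assumed list, extend as needed).
SECRET_HINTS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN", "API_KEY", "PRIVATE_KEY")

# Constructed sample input for demonstration; not from the article's repository.
SAMPLE_DOCKERFILE = """FROM python:3.9-slim
# build-time secret passed with --build-arg
ARG API_KEY=placeholder
ENV APP_ENV=production \\
    DB_PASSWORD=hunter2
ENV LEGACY_TOKEN abc
"""

def _instructions(text):
    """Yield (line_no, instruction); joins '\\' continuations, drops comments and blank lines."""
    buf, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Docker ignores these even inside a continuation
        if not buf:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:  # dangling continuation at end of file
        yield start, " ".join(buf)

def check_arg_env(dockerfile_text):
    """Return [(line_no, 'ARG' or 'ENV', name)] for variables that look like secrets."""
    findings = []
    for no, inst in _instructions(dockerfile_text):
        m = re.match(r"(ARG|ENV)\s+(.+)", inst, re.IGNORECASE)
        if not m:
            continue
        kind, body = m.group(1).upper(), m.group(2)
        tokens = shlex.split(body)  # keeps quoted values such as KEY="a b" together
        # "KEY=value KEY2=value2" form, or the legacy "ENV KEY value" form (one variable)
        names = [t.split("=", 1)[0] for t in tokens] if tokens and "=" in tokens[0] else tokens[:1]
        findings.extend((no, kind, n) for n in names if any(h in n.upper() for h in SECRET_HINTS))
    return findings

if __name__ == "__main__":
    for no, kind, name in check_arg_env(SAMPLE_DOCKERFILE):
        print(f"WARNING line {no}: {kind} {name} looks like a secret; ARG/ENV values persist in the image")
```

The warning matters because values given to ARG and ENV are recorded in the image layers and metadata, so anyone who can pull the image can read them back.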
