Tool comparison of Docker security scanner

Finding the right tool for the job can be difficult task. This sheet compares Clair, Docker Bench for Security, Dockerscan, and Lynis.

Tool comparison of Clair, Docker Bench for Security, Dockerscan, and Lynis
	Clair	Docker Bench for Security	Dockerscan	Lynis
Description	Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.	Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.	Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.	Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.
Dependencies			Python 3, booby-ng, click, colorlog, ndg-httpsclient, pyOpenSSL, pyasn1, python-dxf, requests
Strenghts	The source code of this software is available	More than 25 contributors Screen output is colored More than 3000 GitHub stars The source code of this software is available	More than 500 GitHub stars The source code of this software is available	The source code is easy to read and understand More than 100 contributors More than 8000 GitHub stars Tool is easy to use Available as package (simplified installation) Commercial support available Used language is shell script Very low number of dependencies Project is mature (10+ years) The source code of this software is available
Weaknesses
Programming language(s)	Golang	Shell script	Python	Shell script
Last release	4.8.0 (2024-10-09)	1.6.1 (2023-12-20)	Unknown	3.1.2 (2024-09-26)
Tool page (last updated)	2024-10-10	2024-09-15	2021-05-08	2024-09-28
Tool score	78	68	64	100
Download	Download	Download	Clone on GitHub	Download
More information	Clair review	Docker Bench for Security review	Dockerscan review	Lynis review

Related topics