Tools compared: Docker security scanner

Finding the right tool for the job can be difficult task. This sheet compares Clair, Docker Bench for Security, Dockerscan and Lynis.

Tool comparison: Clair, Docker Bench for Security, Dockerscan and Lynis
ClairDocker Bench for SecurityDockerscanLynis
Description

Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.

Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.

Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.

Dependencies

booby-ng, click, colorlog, ndg-httpsclient, pyasn1, pyOpenSSL, Python 3, python-dxf, requests

Strenghts

The source code of this software is available

More than 25 contributors, Screen output is colored, More than 3000 GitHub stars, The source code of this software is available

More than 500 GitHub stars, The source code of this software is available

More than 50 contributors, Commercial support available, More than 4000 GitHub stars, Used language is shell script, Very low number of dependencies, Project is mature (10+ years), The source code of this software is available

Weaknesses
Programming language(s)

Golang

Shell script

Python

Shell script

Last release

2.1.1 (2019-11-12)

1.3.5 (2019-11-05)

Unknown

2.7.5 (2019-06-24)

Tool page (last updated)

2019-11-13

2019-11-07

2017-09-17

2019-06-25

Tool score

78

85

64

100

Download

Download

Download

Clone on GitHub

Download

More information

Clair review

Docker Bench for Security review

Dockerscan review

Lynis review