Tools compared: Docker security scanner

Finding the right tool can be difficult. This sheet compares Clair, Docker Bench for Security, Dockerscan and Lynis.

Clair | Docker Bench for Security | Dockerscan | Lynis
Description

Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.

Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is focused more on the offensive side than the defensive.

Lynis is a security auditing tool for systems running Linux, macOS, or Unix that performs an in-depth health check.

Tool details

Clair was created by CoreOS and can scan containers of different formats. It analyzes them and identifies the security weaknesses present in the container.

Lynis is an open source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

Dependencies: booby-ng, click, colorlog, ndg-httpsclient, pyasn1, pyOpenSSL, Python 3, python-dxf, requests

Strengths
Clair: The source code of this software is available
Docker Bench for Security: Screen output is colored, More than 25 contributors, More than 2000 GitHub stars, The source code of this software is available
Dockerscan: More than 500 GitHub stars, The source code of this software is available
Lynis: Commercial support available, More than 50 contributors, More than 3000 GitHub stars, Used language is shell script, Very low number of dependencies, Project is mature (5+ years), The source code of this software is available

Weaknesses

Programming language(s)
Clair: Golang
Docker Bench for Security: shell script
Dockerscan: Python
Lynis: shell script

Last release
Clair: 2.0.1 (2017-06-20)
Docker Bench for Security: 1.3.2 (2017-03-30)
Dockerscan: Unknown
Lynis: 2.5.6 (2017-10-27)

Tool page (last updated)
Clair: 2017-09-18
Docker Bench for Security: 2017-09-26
Dockerscan: 2017-09-17
Lynis: 2017-09-17

Tool score
Clair: 76
Docker Bench for Security: 68
Dockerscan: 64
Lynis: 100