GSoC: Week 12: Scanning docker

Published: 08/17/2020

What did I do this week?

I was working on documentation this week. I have added how-to guide for scanning a docker image which was requested by our user. I have listed 2 different ways to scan a docker image:

  1. Install cve-bin-tool inside a docker instance and scan the directory just how you would normally and export report to the host.
  2. Export directory you want to scan from container to host and scan it on the host

I have also discussed pros and cons of both methods. I have also found out that when multiple file contains same product, CVEScanner perform unnecessary database IO and It can be performance bottleneck. So, I have short-circuited the flow in case product has already been scanned. I have also fixed filename generation bugs mentioned by Harmandeep Singh. I have also reviewed exclude path PR.

What am I doing this week? 

I have some documentation part left to do and I am also going to improve tests for module I have created and will also go through entire code base and add appropriate comments and docstrings for new contributors in these last 2 weeks.

Have I got stuck anywhere?

No, I didn't get stuck this week.