Checkmarx Docker Desktop Extension
Overview
The Checkmarx Docker Desktop Extension helps you strengthen the security posture of your Docker images by taking a proactive approach to safeguarding against vulnerabilities and aligning with industry best practices for secure containerization. The tool offers comprehensive image scanning, package inspection, and vulnerability assessment. It leverages the Checkmarx proprietary vulnerability database to provide insights and recommendations for protecting images against potential security threats and maintaining the integrity of your containerized environments.
Main Features
Free tool
No Checkmarx account required
Notice
Soon we will be adding additional Premium features, which will be available specifically for Checkmarx customers.
Image scanning
Scan local Docker images
View a detailed breakdown of image layers
Package inspection
Inspect packages that are installed within your Docker images
Vulnerability assessment
Identify vulnerabilities associated with packages within your Docker images
Recommendations and remediation (Premium feature, COMING SOON)
Receive suggestions and recommendations for remediating identified vulnerabilities
Requirements
Verify that your system meets the following specifications in order to ensure optimal performance:
Operating system compatibility
amd64: Windows, Linux, macOS
arm64: macOS (Apple M1)
Docker compatibility
Docker Desktop version 4.26 and above
Resource requirements
Minimum 200MB disk space for the image to run
Minimum 8GB RAM
Supported Package Managers
NPM
Maven
Gradle
NuGet
Pip (PyPI)
Debian
Alpine
Ubuntu
SUSE
Oracle
Red Hat
Amazon
Download Link
The extension is available on Docker Marketplace. You can also install the extension directly from your Docker Desktop console as described below.
Installing the Extension
To install the extension:
In your Docker Desktop console, click on + Add Extensions and search for the Checkmarx extension.
Click Install.
Follow on-screen prompts to complete the installation process.
The Checkmarx extension is installed and the icon is shown in the Extensions section of the navigation pane.
Scanning Images
You can scan any image that you have in your Docker Desktop in order to get detailed information about its open source packages and the risks associated with those packages.
Notice
The extension stores scan results, so that if an image hasn’t been changed since the last scan, the results from that scan are shown and no new scan is initiated.
To scan an image and view results:
In the navigation pane, click on the Checkmarx extension.
The Checkmarx screen opens.
Click on the Select images field and select an image from the drop-down list.
Click on the Scan Image button.
When the scan completes, the results are shown. The initial view shows the Summary tab. You can view additional details in the Packages and Vulnerabilities tabs.
Viewing Scan Results
After scanning an image, the results screen is shown. There are two main sections:
Image & Layers
This pane shows a separate section for each build stage, listing all layers within that stage, as well as an All section that includes every layer in the image. Next to each item, an icon indicates the overall risk level for that item.
This section serves as a navigation pane for the details tabs. When All is selected, all results are shown in the Vulnerabilities and Packages tabs. When a specific layer is selected, the Vulnerabilities and Packages tabs are filtered to show only the results for that layer.
Details Tabs
Summary Tab
This tab shows a summary of the number of vulnerabilities, broken down by severity, identified in each build stage as well as for the overall image.
Note
This display isn’t affected by the selection made in the Image & Layers section.
Vulnerabilities Tab
This tab shows the vulnerabilities identified in each package. Click on a package to show the associated vulnerabilities. Drill down further to see details about each vulnerability.
Notice
Use the search field at the top right to search by CVE or package name. Results are filtered as you type.
Packages Tab
This tab shows a list of packages that were identified. Click on a package to show detailed information about the package.
Notice
Use the search field at the top right to search by package name. Results are filtered as you type.