Detect Secrets In Docker Images With ggshield - The GitGuardian CLI

Did you know that you can use ggshield to scan docker images for secrets?

Video Transcript

Did you know that you can use ggshield to scan Docker images for secrets? Docker is an extremely popular container platform, with millions of developers creating many millions of images each year. An image is a template file that contains instructions for creating a Docker container. A lot of those images get shared through places like Docker Hub, and sometimes images get shared unexpectedly, such as when you have a code leak.

Just like with any other code, developers often need to add authentication to various services or data sources into their setup. This brings a risk of adding credentials in plaintext, which, while convenient, also makes you vulnerable to attacks.

We built the `ggshield secret scan docker` command to help. ggshield is the command line interface for GitGuardian, extending the full secret scanning power of the platform to the developer's terminal. With one simple command, anyone on your team can quickly detect any hardcoded credentials inside a Docker image. Simply type `ggshield secret scan docker` and include the path to scan, and GitGuardian will scan each layer of that image, alerting you to any secrets detected.

You can run this before ever committing your image to your git history, keeping your repos clean. You can also use ggshield inside of the CI process, such as with GitHub Actions, to automatically scan for secrets during the build process. If the image isn't already present, ggshield will try to pull the image to run the scan, just as we do with PyPI packages.

Docker is a powerful way to build and scale applications. Use ggshield to make sure you are safely sharing your templates and not your secrets.
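As an added example of the CI usage described above (not a workflow from GitGuardian or from the video), here is a GitHub Actions job that builds an image, runs `ggshield secret scan docker` against it, and only proceeds to the push step when the scan is clean. It assumes a Dockerfile at the repository root, a `GITGUARDIAN_API_KEY` repository secret, and uses `myapp` as a placeholder image name.

```yaml
# Added example workflow (assumptions: Dockerfile at repo root,
# GITGUARDIAN_API_KEY stored as a repository secret, "myapp" is a placeholder).
name: docker-secret-scan

on:
  push:
    branches: [main]
  pull_request:

jobs:
  scan-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Build locally first; nothing is pushed until the scan has passed.
      - name: Build the image
        run: docker build -t myapp:${{ github.sha }} .

      - name: Install ggshield
        run: pip install --upgrade ggshield

      # ggshield inspects every layer of the image. It exits non-zero when a
      # secret is found, which fails the job and blocks the push step below.
      - name: Scan image layers for hardcoded secrets
        env:
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
        run: ggshield secret scan docker myapp:${{ github.sha }}

      # Reached only when the scan reported no secrets (placeholder push step).
      - name: Push image
        if: success()
        run: echo "push myapp:${{ github.sha }} to your registry here"
```

Because the image is built in the runner before being scanned, ggshield does not need to pull it; the same command also works on an image name that is not yet present locally, in which case it pulls first.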