šŸ“Š NEW! Voice of Practitioners 2024: The State of Secrets in AppSec

READ REPORT

šŸ“Š NEW! Voice of Practitioners 2024: The State of Secrets in AppSec

READ REPORT

Detect Secrets In Docker Images With ggshield - The GitGuardian CLI

Did you know that you can use ggshield to scan docker images for secrets?

Video Transcript

Did you know that you can use ggshield to
scan docker images for secrets? Docker is an extremely popular container platform,
with millions of developers creating many millions of images each year. An image is a template file that contains
instructions for creating a Docker container. A lot of those images get shared through places
like Dockerhub. And sometimes, images get shared unexpectedly
such as when you have a code leak. Just like with any other code, developers
often need to add authentication to various services or data sources into their setup. This brings a risk of adding credentials in
plaintext, which, while convenient, also makes you vulnerable to attacks. We built the

ggshield secret scan docker

command to help. ggshield is the command line interface for
GitGuardin, extending the full secret scanning power of the platform to the developer's terminal. With one simple command, anyone on your team
can quickly detect any hardcoded credentials inside a docker image. Simply type ggshield secret scan docker and
include the path to scan, and GitGuardian will scan each layer of that image, alerting
you to any secrets detected. You can run this before ever committing your
image to your git history, keeping your repos clean. You can also use ggshield inside of the CI
process, such as with GitHub Actions to automatically scan for secrets during the build process If the image isn't already present, ggshield
will try to pull the image to run the scan, just as we do with Pypi packages. Docker is a powerful way to build and scale
applications. Use ggshield to make sure you are safely sharing
your templates and not your secrets.

ā€