Jorge Pino:
Guys, I have a question related to the KodeKloud CKS course. In the Supply Chain section there is a lesson on "Use static analysis of user workloads (e.g. Kubernetes Resources, Docker files)". Here we have an introduction to Kubesec for Kubernetes resource scanning, but what tool can be used to analyse Dockerfiles?
Tej_Singh_Rana:
No tool is available from an exam point of view.
Jorge Pino:
@Tej_Singh_Rana Let’s say they ask me in the exam to analyse and fix (following the best practices) two files… On one side a k8s deployment YAML manifest and also a Dockerfile. I know I can use kubesec for analysing the deployment manifest but… How would I analyse the Dockerfile?
Jorge Pino:
Actually, I know a tool called docker scan which does that analysis for you, but you need to be registered on Docker Hub.
Jorge Pino:
Not sure if I would be able to run that tool during the exam.
sathishkumarmca:
So the only option is to manually check the Dockerfile and fix the issue?
Jorge Pino:
Ok… Thanks guys!!!