Finding leaked secrets in your Docker image with a scanner
If you’re not careful, you can end up with a private SSH key, AWS access token, or password embedded in your Docker image.
That means anyone who can access the image will be able to get that secret, and potentially use it to gain further access to additional systems.
While you can and should take steps to prevent leaking secrets in the first place, it’s still useful to catch leaks if they do happen.
If you can catch the leak before you push the image to a remote registry, no harm done.
That’s where a secrets scanner comes in handy: it can automatically catch secrets, up to a point anyway.
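To make the idea concrete, here is a minimal secrets scanner for a saved Docker image. It is an added example, not code from the original post: it walks the archive produced by `docker save`, opens every layer inside it as a tar file, and matches each regular file against a handful of secret-shaped patterns (private-key headers, AWS access key IDs, an `AWS_SECRET_ACCESS_KEY=` assignment). The pattern list and the sample archive it builds for itself are constructed for this example; a real scanner ships far more rules and is the tool you would actually run.

```python
import io
import re
import sys
import tarfile

# Constructed pattern set for this example only. Real scanners (gitleaks,
# trufflehog, etc.) carry hundreds of rules plus entropy checks.
SECRET_PATTERNS = {
    "private-key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws-secret-assignment": re.compile(rb"AWS_SECRET_ACCESS_KEY\s*=\s*\S{20,}"),
}


def scan_bytes(data):
    """Return the sorted names of every pattern that matches in `data`."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(data))


def scan_layer(layer_tar, max_file_size=10 * 1024 * 1024):
    """Yield (path, hits) for every regular file in one layer tar that matches."""
    for member in layer_tar:
        if not member.isfile() or member.size > max_file_size:
            continue
        f = layer_tar.extractfile(member)
        if f is None:
            continue
        hits = scan_bytes(f.read())
        if hits:
            yield member.name, hits


def scan_image_archive(fileobj):
    """Scan a `docker save` archive; return [(layer_member, path, hits), ...].

    Every regular member is tried as a nested tar, which covers both the legacy
    `<id>/layer.tar` layout and the OCI `blobs/sha256/<digest>` layout; members
    that are not tars (manifest.json, config) are skipped. Scanning layers rather
    than the merged filesystem also catches files deleted in a later layer.
    """
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as image:
        for member in image:
            if not member.isfile():
                continue
            blob = image.extractfile(member).read()
            try:
                layer = tarfile.open(fileobj=io.BytesIO(blob), mode="r:*")
            except tarfile.TarError:
                continue  # not a layer (e.g. manifest.json)
            with layer:
                for path, hits in scan_layer(layer):
                    findings.append((member.name, path, hits))
    return findings


def _add_bytes(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_archive():
    """Constructed sample: a fake `docker save` archive with one layer that
    accidentally contains an SSH private key and an AWS credentials file.
    The AWS values are the placeholder credentials from AWS's documentation."""
    layer_buf = io.BytesIO()
    with tarfile.open(fileobj=layer_buf, mode="w") as layer:
        _add_bytes(layer, "root/.ssh/id_rsa",
                   b"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXkt...\n"
                   b"-----END OPENSSH PRIVATE KEY-----\n")
        _add_bytes(layer, "app/.env",
                   b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                   b"AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
        _add_bytes(layer, "app/main.py", b"print('hello')\n")
    image_buf = io.BytesIO()
    with tarfile.open(fileobj=image_buf, mode="w") as image:
        _add_bytes(image, "manifest.json", b"[]")
        _add_bytes(image, "abc123/layer.tar", layer_buf.getvalue())
    image_buf.seek(0)
    return image_buf


if __name__ == "__main__":
    # Usage: docker save -o image.tar myimage && python scan_image.py image.tar
    # With no argument, the constructed sample archive is scanned instead.
    source = open(sys.argv[1], "rb") if len(sys.argv) > 1 else build_sample_archive()
    with source:
        for layer_name, path, hits in scan_image_archive(source):
            print(f"{layer_name}: {path}: {', '.join(hits)}")
```

Running it with no argument scans the built-in sample and reports the private key and the `.env` file while ignoring `main.py`. The "up to a point" caveat from the text applies here too: pattern matching only finds secrets that look like the patterns it knows, so a random API token with no recognisable prefix slips through, which is why preventing the leak in the first place still matters.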
Recap: how secrets get leaked in Docker images
Here’s an example of a Dockerfile that