DockerENT: analyze security issues with running containers


DockerENT is an activE ruNtime application security scanning Tool (RAST tool). It is a pluggable framework written in Python. It comes with a CLI application and a clean Web Interface written using StreamLit.

DockerENT has been designed to detect weak security misconfigurations in production deployments which can lead to severe consequences. This application connects with running containers in the system and fetches the list of weak and vulnerable runtime configurations and generates a report. If invoked through a web interface, it can display the scan and audit report in the UI itself.



  • Plugin driven framework.
  • Use low-level docker api to interact with running containers.
  • Clean and Easy to Use UI.
  • Comes with 9 docker scan plugins out of which, 6 plugins can audit results.
  • Framework ready to work docker-networks.
  • Output plugins can write to file and html sinks.
  • The only open-source interactive docker scanning tool.
  • Can run plugins in parallel.
  • Underactive development 😄.

Plugins Features:

Plugin Name Plugin File Feature Audit
CMD_HISTORY File Identify shell history Root history and User shell history
FILESYSTEM File Identify RW File Systems If RW file systems are present.
NETWORK File Identify Network state Identifies All mapped ports.
PLAINTEST_PASSWORD File Identify password in different files
SECURITY_PROFILES File Identify Weak Security Profiles List Weak security profiles.
USER_INFO File Identify user info List permissions in passwd and other sensitive files
SYSTEM_INFO File Identify docker system info No Audit
FILES_INFO File Identify world writeable directories and files List all such files.
PROC_INFO File Identify the list of process in the docker system

CLI interface


  • Rich Logging interface can help in easy debugging through extensive debug logs.
  • Can run in parallel, just pass -n <count>, to specify the processors in parallel.
  • Can dump output in JSON and HTML file.


  • The audit output is not dumped to file.
  • Selecting multiple specific dockers is pain.

UI Interface


  • Clean, and easy to use UI.
  • Everything at one single page.
  • Ease of selecting multiple docker images, multiple plugins, and multiple docker-networks.
  • Audit report present.


  • Logging interface, not Rich.
  • JSON reports are bulky.
  • Rely on third party lib StreamLit, all issues with the framework are inherent.

Install & Use

Copyright (c) 2020 Rohit Sehgal