Will a DTR security scan detect this?
private keys copied to the image
Will a DTR security scan detect this?
private keys copied to the image
B. No Docker Trusted Registry (DTR) security scanning is designed to detect vulnerabilities in the software and dependencies within container images, such as known security issues in packages or libraries. It is not specifically designed to detect the presence of private keys or other sensitive information that may have been copied into an image.
Aggressively searching for private keys could lead to many false positives, as certain patterns might resemble keys but not actually be them
DTR’s built-in security scans focus on detecting vulnerabilities and ensuring compliance with security policies