Releases: eZer-Net/docker-analyzer

Docker-analyzer v1.0.0-alpha — First public testing release

31 May 14:11

First public testing release of Docker Analyzer.

Docker Analyzer is a local web dashboard for reproducible Docker image security analysis.
This alpha is the first public version. It focuses on connecting policy templates, Docker image digest analysis, raw Trivy scan results, CWE enrichment, vulnerability cache data, and final read-only reports into one structured workflow.


Status

This is an alpha release intended for testing and early feedback.

The project is usable, but the UX details, service contracts, report views, and analysis workflow may still evolve in future releases.


Implemented in this version

Core analysis workflow

  • Policy-based Docker image analysis
  • Analysis start by request_id
  • Docker image digest input in image@sha256:... format
  • Per-image secret scanning option
  • Live analysis status tracking
  • Cancel, retry, edit, and reset actions for failed or canceled runs

Policy templates

  • System template support
  • User template creation
  • Template filtering by perimeter: INTERNAL, EXTERNAL, BOTH, ALL
  • Three-level template structure with CWE-based rules and weights
  • Local CWE catalog integration
  • Template summary saving for each analysis request

Scanner and readiness flow

  • Runtime readiness checks before scanning
  • Local Trivy DB metadata checks
  • Raw Trivy scan execution
  • Stored raw scan artifacts per request and per image

CWE enrichment and vulnerability cache

  • CWE mapping for vulnerabilities found in scan results
  • Vulnerability cache for reusable enrichment data
  • Support for vulnerability identifier families such as CVE-*, GHSA-*, GO-*, RHSA-*, TEMP-*, OSV-*, and other OSV-compatible identifiers
  • Views for mapped, unmapped, incomplete, and no-CWE vulnerability data

Final report views

  • Analysis overview by image
  • Final findings above the selected severity threshold
  • Policy-relevant findings
  • Findings with incomplete required data
  • Findings without CWE mapping
  • Read-only report API based on generated runtime artifacts

Architecture and entry points

  • React + Vite frontend
  • Express UI API gateway
  • Node.js orchestrator for pipeline execution
  • .NET services for templates, readiness, raw scanning, CWE resolving, and final reports
  • Docker Compose-based local startup
  • Swagger/OpenAPI pages for backend services
  • Documentation available in English and Russian

Quick start

git clone https://github.com/eZer-Net/docker-analyzer.git
cd docker-analyzer
docker compose up -d --build

Main local URLs:

  • App: http://localhost:3000
  • UI API health: http://localhost:3000/api/healthz
  • Service A Swagger: http://localhost:8081/swagger
  • Service C Swagger: http://localhost:8082/swagger
  • Service D Swagger: http://localhost:8083/swagger
  • Service E Swagger: http://localhost:8084/swagger
  • Service F Swagger: http://localhost:8085/swagger