What is Pasonaru Security Essentials?
Pasonaru Security Essentials (PSE) is a tool for diagnosing and fixing common security problems that arise when creating and maintaining containers. Use it to evaluate the security of the Docker containers you have deployed and to learn more about the different security aspects of Docker containers.
PSE can be run in two ways: inside a dedicated container, or as a standalone executable. Both are described below.
If you find an issue or have a feature request, please file it in our GitHub repository.
How to run
docker run --pid=host -c=10 -m=4m -v=/var/run/docker.sock:/var/run/docker.sock pasonaru/pse <args>
docker run --pid=host -it -v /var/run/docker.sock:/var/run/docker.sock --rm pasonaru/pse diagnose
CONTAINER ID       CONTAINER NAME         STATUS       ISSUE_COUNT
4f47007af3b770db   /condescending_curie   Vulnerable   6
70c02847ac0cf021   /elated_tesla          Vulnerable   7
Standalone tool
PSE is also available as a standalone executable. Install it with the following commands:
$ sudo curl -L -o /usr/bin/pse https://github.com/pasonaru/public/raw/master/bin/pse/latest/pse
$ sudo chmod a+x /usr/bin/pse
Then just run the
In case you receive the following error:
flag provided but not defined: --pid
You might be using an old Docker client (version < 1.5).
As a workaround, you can remove the --pid flag, but note that some diagnostics will be disabled.
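The workaround above can be scripted so that --pid=host is dropped only when the client really is older than 1.5. This is an added example, not part of PSE; the function names are hypothetical, and it assumes `docker --version` prints a line of the form "Docker version X.Y.Z, build ...".

```shell
#!/bin/sh
# Added example (not PSE code): build the `pse diagnose` command line for the
# installed Docker client, dropping --pid=host only on clients older than 1.5.

# Extract "MAJOR.MINOR" from a `docker --version` line; prints nothing when
# the line does not have the assumed "Docker version X.Y..." shape.
client_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/^Docker version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Exit status: 0 = client >= 1.5 (--pid supported), 1 = older, 2 = unparseable.
supports_pid_flag() {
    mm=$(client_major_minor "$1")
    [ -n "$mm" ] || return 2
    major=${mm%%.*}
    minor=${mm#*.}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -ge 5 ] && return 0
    return 1
}

# Print the docker command for `pse diagnose`. Refuses to guess when the
# version cannot be parsed, and warns when diagnostics will be reduced.
pse_command() {
    sock=/var/run/docker.sock
    supports_pid_flag "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "docker run --pid=host -it -v $sock:$sock --rm pasonaru/pse diagnose" ;;
        1) echo "warning: Docker client < 1.5, running without --pid;" \
                "some diagnostics will be disabled" >&2
           echo "docker run -it -v $sock:$sock --rm pasonaru/pse diagnose" ;;
        *) echo "error: cannot parse Docker client version: $1" >&2
           return 2 ;;
    esac
}

# Run for real only when invoked with --run, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    cmd=$(pse_command "$(docker --version)") || exit 2
    exec $cmd
fi
```

Keeping the fallback explicit matters because a scan that ran without --pid reports fewer diagnostics, and its results should not be compared directly with a full run.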
For more information see [about PSE](https://www.pasonaru.com/aboutpse.html).