
URL: https://apify.com/frayess_mosbehi/docker-hub-vulnerability-scanner

Docker Hub Image Vulnerability Scanner · Apify

Docker Hub Image Vulnerability Scanner

Scans Docker Hub image tags for metadata and queries NVD, OSV, and CISA KEV CVE databases to produce a vulnerability report.

Pricing

Pay per usage

Rating: 0.0 (0)

Developer: firas_mosbehi (Maintained by Community)

Actor stats: 0 bookmarked, 2 total users, 1 monthly active user, last modified 2 days ago


Scans Docker Hub image tags for metadata and queries public CVE databases to produce a vulnerability report.

What it does

This Actor takes a list of Docker image references (e.g., nginx:alpine, python:3.11-slim) and returns:

  • Image metadata from Docker Hub: name, description, pull count, last pushed, official status, tag list, architectures, size.
  • Inferred base OS/distribution from the tag name (e.g., bookworm, alpine3.18, noble).
  • Vulnerability findings from:
    • NVD: NIST National Vulnerability Database (CVE records, CVSS scores)
    • OSV.dev: Open Source Vulnerabilities database (package-level CVEs, fixed-in versions)
    • CISA KEV: Known Exploited Vulnerabilities catalog
  • Optional deep scan: pulls image manifests and layer blobs to enumerate installed OS packages (dpkg/apk) and query OSV for package-level CVEs.
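The deep-scan step above enumerates installed packages from the image layers and asks OSV about them. The following is an added example of how that enumeration can be done; it is not the Actor's code. It parses constructed excerpts of the two package databases a layer can carry (`var/lib/dpkg/status` for Debian/Ubuntu, `lib/apk/db/installed` for Alpine), skips dpkg entries that are no longer installed, and builds the request body for OSV's `POST https://api.osv.dev/v1/querybatch` endpoint without sending it. The ecosystem labels (`Debian`, `Alpine`) and the path-to-parser mapping are assumptions for the example; OSV itself expects release-qualified ecosystem names such as `Debian:12`.

```python
"""Deep-scan package enumeration: parse dpkg/apk installed-package databases
from image layers and turn them into an OSV querybatch request.
Added example, not the Actor's own code; excerpts are constructed."""
import json

# Constructed excerpt of var/lib/dpkg/status (Debian/Ubuntu layers).
# The third entry is a removed package that must not be reported.
DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 3.0.11-1~deb12u2
Architecture: amd64

Package: libc6
Status: install ok installed
Version: 2.36-9+deb12u4
Architecture: amd64

Package: removed-tool
Status: deinstall ok config-files
Version: 1.0-1
"""

# Constructed excerpt of lib/apk/db/installed (Alpine layers).
APK_INSTALLED = """\
P:musl
V:1.2.4-r2
A:x86_64

P:busybox
V:1.36.1-r15
A:x86_64
"""


def parse_dpkg_status(text):
    """Return (name, version) for every package whose Status ends in 'installed'."""
    pkgs = []
    for para in text.strip().split("\n\n"):
        # Continuation lines (e.g. multi-line Description) start with a space; skip them.
        fields = dict(line.split(": ", 1) for line in para.splitlines()
                      if ": " in line and not line.startswith(" "))
        if fields.get("Status", "").endswith(" installed"):
            pkgs.append((fields["Package"], fields["Version"]))
    return pkgs


def parse_apk_installed(text):
    """Return (name, version) from apk's single-letter field records (P: name, V: version)."""
    pkgs = []
    for para in text.strip().split("\n\n"):
        fields = dict((line[0], line[2:]) for line in para.splitlines()
                      if len(line) > 2 and line[1] == ":")
        if "P" in fields and "V" in fields:
            pkgs.append((fields["P"], fields["V"]))
    return pkgs


# Tar entry path inside a layer -> (ecosystem label, parser). Assumed mapping.
DB_PARSERS = {
    "var/lib/dpkg/status": ("Debian", parse_dpkg_status),
    "lib/apk/db/installed": ("Alpine", parse_apk_installed),
}


def enumerate_packages(layer_files):
    """layer_files maps tar entry paths to their text content. Callers should
    merge layers in order first, since a later layer overwrites the database."""
    packages = []
    for path, (ecosystem, parser) in DB_PARSERS.items():
        if path in layer_files:
            packages.extend({"name": n, "version": v, "ecosystem": ecosystem}
                            for n, v in parser(layer_files[path]))
    return packages


def osv_querybatch(packages, ecosystem):
    """Body for POST https://api.osv.dev/v1/querybatch; one query per package."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in packages]}


if __name__ == "__main__":
    found = enumerate_packages({"var/lib/dpkg/status": DPKG_STATUS})
    body = osv_querybatch([(p["name"], p["version"]) for p in found], "Debian:12")
    print(json.dumps(body, indent=2))
```

Batching matters here: a slim image still carries dozens of packages, and one querybatch call replaces one request per package, which is also what keeps the scan inside the rate limits the Limitations section warns about.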

Input

{
  "images": ["nginx:alpine", "python:3.11-bookworm", "bitnami/redis:7.0"],
  "includeMetadata": true,
  "cveSources": ["nvd", "osv", "cisa-kev"],
  "minSeverity": "HIGH",
  "maxCvesPerImage": 50,
  "includeManifest": false,
  "deepScan": false
}
Field | Type | Default | Description
images | array | required | Docker images to scan (namespace/repo:tag)
includeMetadata | boolean | true | Include Docker Hub metadata
cveSources | array | ["nvd", "osv", "cisa-kev"] | CVE sources to query
minSeverity | string | "HIGH" | Minimum severity (LOW, MEDIUM, HIGH, CRITICAL)
maxCvesPerImage | integer | 50 | Max CVEs per image (0 = unlimited)
includeManifest | boolean | false | Fetch manifest digest (uses Docker Hub pull limits)
deepScan | boolean | false | Pull image layers to enumerate packages (uses pull limits, slower)
dockerHubUsername | string | optional | For authenticated Registry API requests
dockerHubPassword | string | optional | For authenticated Registry API requests
nvdApiKey | string | optional | Raises NVD rate limits
proxyConfiguration | object | {useApifyProxy: false} | Apify proxy settings

Output

One dataset item per image:

{
  "image": "nginx:alpine",
  "normalizedImage": "library/nginx:alpine",
  "success": true,
  "scanConfidence": "heuristic",
  "dataSources": ["nvd", "osv", "cisa-kev"],
  "metadata": {
    "name": "nginx",
    "description": "Official build of Nginx.",
    "lastPushed": "3 days ago",
    "pullCount": 16188286,
    "official": true,
    "tags": [...]
  },
  "inferredBase": "Alpine Linux",
  "cveSummary": {"CRITICAL": 1, "HIGH": 1, "MEDIUM": 0, "LOW": 0, "UNKNOWN": 0},
  "topVulnerabilities": [
    {
      "id": "CVE-2025-34203",
      "severity": "CRITICAL",
      "score": 9.8,
      "description": "...",
      "dataSource": "nvd"
    }
  ]
}

With deepScan enabled, the output also contains imageConfig and packages:

{
  "scanConfidence": "deep",
  "imageConfig": {"architecture": "amd64", "os": "linux"},
  "packages": [
    {
      "name": "openssl",
      "version": "3.0.11-1~deb12u2",
      "ecosystem": "Debian",
      "vulnerabilities": [...]
    }
  ]
}
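The heuristic dataset item above is the product of three steps the page describes: normalising the image reference (`nginx:alpine` becomes `library/nginx:alpine`), inferring the base distribution from the tag, and folding findings from several sources into `cveSummary` and `topVulnerabilities` under the `minSeverity` and `maxCvesPerImage` input settings. The block below is an added example of that shaping, not the Actor's code. The tag-to-distribution hints, the rule that an unscored finding (such as a KEV-only record) is kept as `UNKNOWN` rather than dropped, and the de-duplication of a CVE reported by more than one source are assumptions made for the example; the findings are constructed with placeholder CVE ids and no database is queried.

```python
"""Heuristic-scan report shaping for one image. Added example, not the
Actor's own code; findings are constructed, CVE ids are placeholders."""

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Tag fragments and the distribution they imply. Constructed mapping for the
# example; the Actor's own heuristic is not published on the page.
BASE_HINTS = (
    ("alpine", "Alpine Linux"),
    ("bookworm", "Debian"), ("bullseye", "Debian"), ("buster", "Debian"), ("slim", "Debian"),
    ("noble", "Ubuntu"), ("jammy", "Ubuntu"), ("focal", "Ubuntu"),
)


def normalize_image(ref):
    """'nginx:alpine' -> 'library/nginx:alpine'; a missing tag defaults to 'latest'."""
    if ref.startswith("docker.io/"):
        ref = ref[len("docker.io/"):]
    name, sep, tag = ref.rpartition(":")
    # A ':' that only belongs to a registry host ('host:5000/repo') is not a tag separator.
    if not sep or "/" in tag:
        name, tag = ref, "latest"
    if "/" not in name:
        name = "library/" + name  # Docker Hub official images live under 'library/'
    return f"{name}:{tag}"


def infer_base(ref):
    """Guess the base distribution from the tag alone (no layers are pulled)."""
    tag = normalize_image(ref).rsplit(":", 1)[1].lower()
    for fragment, distro in BASE_HINTS:
        if fragment in tag:
            return distro
    return "Unknown"


def build_report(image, findings, min_severity="HIGH", max_cves=50,
                 sources=("nvd", "osv", "cisa-kev")):
    """Fold raw findings (the same CVE may arrive from several sources) into
    the dataset item shape: one entry per CVE, counted once in cveSummary."""
    threshold = SEVERITY_RANK[min_severity]
    best = {}
    for f in findings:
        sev = f.get("severity", "UNKNOWN")
        if sev in SEVERITY_RANK and SEVERITY_RANK[sev] < threshold:
            continue  # below minSeverity
        # Unscored findings are kept as UNKNOWN so an unrated CVE is not hidden.
        prev = best.get(f["id"])
        if prev is None or (f.get("score") or 0) > (prev.get("score") or 0):
            best[f["id"]] = {**f, "severity": sev}  # keep the highest-scored record
    summary = {k: 0 for k in ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")}
    for v in best.values():
        summary[v["severity"]] += 1
    ranked = sorted(best.values(), key=lambda v: (v.get("score") or 0, v["id"]), reverse=True)
    if max_cves:  # 0 = unlimited
        ranked = ranked[:max_cves]
    return {
        "image": image,
        "normalizedImage": normalize_image(image),
        "success": True,
        "scanConfidence": "heuristic",
        "dataSources": list(sources),
        "inferredBase": infer_base(image),
        "cveSummary": summary,
        "topVulnerabilities": ranked,
    }


# Constructed findings with placeholder ids; the first CVE arrives from two sources.
SAMPLE_FINDINGS = [
    {"id": "CVE-0000-0001", "severity": "CRITICAL", "score": 9.8, "description": "constructed", "dataSource": "nvd"},
    {"id": "CVE-0000-0001", "severity": "HIGH", "score": 8.1, "description": "constructed", "dataSource": "osv"},
    {"id": "CVE-0000-0002", "severity": "HIGH", "score": 7.5, "description": "constructed", "dataSource": "osv"},
    {"id": "CVE-0000-0003", "severity": "MEDIUM", "score": 5.3, "description": "constructed", "dataSource": "nvd"},
    {"id": "CVE-0000-0004", "score": None, "description": "constructed", "dataSource": "cisa-kev"},
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_report("nginx:alpine", SAMPLE_FINDINGS), indent=2))
```

With the defaults the MEDIUM finding is filtered out, the duplicated CVE is reported once with its NVD score, and the unscored KEV record survives as UNKNOWN; setting `max_cves=1` trims the list to the single highest-scored entry while `cveSummary` still counts everything that passed the threshold.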

Pricing

Pay Per Event: charged per image scanned.

Limitations

This Actor performs metadata/heuristic scanning by default. It does not pull image layers unless Deep scan is enabled. Deep scan improves accuracy by enumerating dpkg/apk packages and querying OSV, but it is still slower and consumes Docker Hub pull limits.

NVD availability can vary; the Actor automatically retries transient errors and falls back to OSV and CISA KEV when NVD is slow or unavailable.
