Mastering Docker: A Beginner’s Guide to ENTRYPOINT, CMD, and Docker Scout for Security Scanning

 

Understanding ENTRYPOINT vs CMD in Docker

When working with Docker, it’s crucial to understand the difference between ENTRYPOINT and CMD in a Dockerfile:

  • ENTRYPOINT: This is used to specify a fixed command that always runs when the container starts. The arguments defined in ENTRYPOINT cannot be easily overridden at runtime.
  • CMD: This is more flexible. It provides default arguments for ENTRYPOINT or serves as the main command if ENTRYPOINT is not specified. You can override CMD at runtime by passing different arguments when you start the container.

Introduction to Docker Scout

Now, let’s talk about Docker Scout, a tool designed to scan Docker images for security issues and vulnerabilities. It generates a detailed report highlighting any potential risks.

Installing Docker Scout

Docker Scout is not pre-installed, so you’ll need to install it manually. Here’s how:

  1. Create a directory for Docker Scout:
  • mkdir -p $HOME/.docker/scout

2. Download the installation script:

  • curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh

3. Run the installation script:

  • sh install-scout.sh

After running these commands, Docker Scout will be installed.

Logging into Docker Hub

To use Docker Scout, you need to log in to Docker Hub:

  1. Run the login command:
  • docker login

2. Enter your Docker Hub credentials:

  • Usernamebrillertechnologies
  • Password: Use your personal access token (PAT).

Once logged in, you can start using Docker Scout.

Scanning Images with Docker Scout

To scan an image for vulnerabilities, use the following command:

docker scout cves mysql:latest

This command will scan the mysql:latest image and list any Common Vulnerabilities and Exposures (CVEs) found.

Understanding Docker Hub

Docker Hub is a platform similar to GitHub but for Docker images. You can:

  • Create an account (using your GitHub or Google account if you prefer).
  • Push and pull Docker images to and from the platform.

Example: Working with Docker Hub

Let’s say you have a mysql:latest image, and you want to push it to your repository:

  1. Tag the image:
  • docker image tag mysql:latest brillertechnologies/mysql:latest

2. Push the image:

  • docker push brillertechnologies/mysql:latest

3. Pull the image:

  • docker pull brillertechnologies/mysql:latest

By following these steps, you can efficiently manage your Docker images on Docker Hub.

YouTube Link: https://youtube.com/@raeesq.?si=v_QK6Q2XXMf9mKep

Feel free to share this guide and stay connected!

Comments

Post a Comment

Popular posts from this blog

📘 Understanding Prometheus in a Simple Way-Part 3 (For DevOps Beginners)

Image
 In our previous blogs, we have already covered: How to launch an EC2 instance (Link: https://medium.com/@raeesyaqubqazi/prometheus-and-grafana-project-part-1-by-raees-yaqoob-qazi-12eb5c431350 ) How to run our Notes App inside a Docker container (Link: https://medium.com/@raeesyaqubqazi/prometheus-and-grafana-project-part-1-by-raees-yaqoob-qazi-12eb5c431350 ) How to install cAdvisor to collect container-level metrics (Link: https://medium.com/@raeesyaqubqazi/monitoring-containers-with-cadvisor-part-2-of-my-previous-blog-series-cec2452b1ba5 ) Today, we will move one step ahead and learn Prometheus , which will collect the metrics generated by cAdvisor. 🔍 What Is Prometheus? Before understanding Prometheus, let’s talk about how data is stored in databases . ✔️ Relational Databases (MySQL, PostgreSQL) Data is stored in rows and columns  — like an Excel sheet. ✔️ Prometheus (TSDB — Time Series Database) Prometheus does NOT store data in tables.  It stores data in Time Series fo...
Read more

Grafana Setup & Dashboard Creation (Part-5)— Explained by Raees Yaqoob Qazi

Image
 Today, I’m going to talk about Grafana . Grafana is a powerful tool used to create dashboards and visualize data . As DevOps engineers, monitoring is very important, and Grafana makes it easy to understand system performance. Part-1:  https://brillertechnologies.blogspot.com/2025/11/prometheus-and-grafana-projectpart-1-by.html Part 2:  https://brillertechnologies.blogspot.com/2025/11/monitoring-containers-with-cadvisorpart.html Part 3:  https://brillertechnologies.blogspot.com/2025/12/understanding-prometheus-in-simple-way.html Part 4: https://brillertechnologies.blogspot.com/2025/12/understanding-prometheusmonitoring-made.html 1. Running Grafana Using Docker Compose First, I use Docker Compose to run Grafana. Open your docker-compose.yml file: vim docker-compose. yml Add the Grafana service: grafana: image: grafana/grafana-enterprise container_name: grafana restart: unless-stopped ports: - "3000:3000" Save and exit with:   :wq Then run: d...
Read more

My First Python Program: A Simple Calculator

Image
 Today, I am going to create a simple calculator using Python . This might be your first code ever , and honestly, this is also my first Python code . So don’t worry — we are learning together. Let’s start step by step. Step 1: Open VS Code First, open Visual Studio Code (VS Code) . Step 2: Create a Folder and a File Create a new folder (you can name it anything). Inside the folder, create a new file. In my case, I named the file first.py . 👉  .py is the file extension for Python , just like: .cpp for C++ .java for Java Step 3: Write the Python Code Now, write the following code in first.py : num1 = float ( input ( "Enter num 1: " ) ) # Taking first number from the user num2 = float ( input ( "Enter num 2: " ) ) # Taking second number from the user opr = input ( "Enter operator: " ) # User selects the operator (+, -, *) if opr = = "+" : # If operator is + output = num1 + num2 if opr = = "-" : # If operator is - ...
Read more