diff --git a/docker-bench-security.sh b/docker-bench-security.sh
index 2e7d0e6..71ff261 100755
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@@ -97,10 +97,15 @@ beginjson "$version" "$(date +%s)"
 main () {
 # If there is a container with label docker_bench_security, memorize it:
 benchcont="nil"
+ # Also exclude the bench container image from analysis, because it's a privileged
 for c in $(docker ps | sed '1d' | awk '{print $NF}'); do
 if docker inspect --format '{{ .Config.Labels }}' "$c" | \
 grep -e 'docker.bench.security' >/dev/null 2>&1; then
 benchcont="$c"
+ benchcontimg="nil"
+ temp=$(docker inspect --format '{{.Config.Image}}' $benchcont)
+ benchcontimg=$(docker image ls -q $temp)
+ info "Excluding container $benchcont and image $temp : $benchcontimg"
 fi
 done
diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh
index 0df2676..1562843 100644
--- a/tests/4_container_images.sh
+++ b/tests/4_container_images.sh
@@ -12,7 +12,7 @@ if [ -n "$imgList" ]; then
 images="$images $sha256 "
 done
 else
- images=$(docker images -q)
+ images=$(docker images -q | grep -v $benchcontimg)
 fi
 check_4() {
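Review bot: `benchcontimg` is assigned only inside the `if` branch that matches the labelled container, so when no such container is running it is never set, unlike `benchcont`, which gets "nil" before the loop. Initialise it beside that line with `benchcontimg="nil"`, and keep that fallback when `docker image ls -q` prints nothing. The two new expansions are unquoted; `temp=$(docker inspect --format '{{.Config.Image}}' "$benchcont")` and `benchcontimg=$(docker image ls -q "$temp")` would match the quoting the loop already uses for `"$c"`. The added comment stops at "because it's a privileged" and should be completed. The body of `main` continues outside the hunk.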
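Review bot: `grep -v $benchcontimg` is unquoted, so an unset or empty value leaves grep without a pattern; grep then fails and `images` ends up empty, which presumably makes the image checks below run over nothing instead of every image. A value spanning several lines would be split into a pattern plus file names, and the match is a substring regex, so it can also drop any other id that contains the value. Suggested: `images=$(docker images -q | grep -vxF -- "${benchcontimg:-nil}")`. `check_4` begins on the last line of the hunk and its body is outside it.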