Configuring a container to access scan artifacts

To scan an application using a Docker container, the files to be scanned must be made available to the container: volume mount the directory containing the scan artifacts into the Docker container.

Docker supports the --volume (-v) option to mount a volume into a container.

For example, to mount the path /host_machine_workspace/simpleIOT/ from the host machine (where Docker is installed) to the container’s path /container_workspace/simpleIOT/:
docker run -it --rm --env-file ./env.list --volume /host_machine_workspace/simpleIOT/:/container_workspace/simpleIOT/ <image>
  • Set the permissions on the mounted directory so that a scan executed from the container can perform the necessary file operations. For example, the files and folders should have at least 755 permissions and should be added to the root group.
  • All path references within the .paf/.ppf files should be resolvable within the container.
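
The two requirements above can be checked on the host before the container is started. The script below is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes that path references are stored as plain text in the .paf/.ppf files.

```shell
#!/bin/sh
# Added example (not product code). Function names are hypothetical.

# Succeeds only if every entry under $1 has at least the 755 bits set.
check_min_755() {
    bad=$(find "$1" ! -perm -755 -print)
    [ -z "$bad" ] && return 0
    printf 'mode below 755:\n%s\n' "$bad" >&2
    return 1
}

# Succeeds only if every entry under $1 belongs to the root group (gid 0).
check_root_group() {
    bad=$(find "$1" ! -group 0 -print)
    [ -z "$bad" ] && return 0
    printf 'not in root group:\n%s\n' "$bad" >&2
    return 1
}

# Succeeds only if no .paf/.ppf file under $1 mentions the host prefix $2.
# Assumption: path references appear as plain text in these files, so a
# fixed-string search finds them; a host-side path cannot resolve in the container.
check_project_paths() {
    bad=$(find "$1" -type f \( -name '*.paf' -o -name '*.ppf' \) \
              -exec grep -lF -- "$2" {} + || true)
    [ -z "$bad" ] && return 0
    printf 'host path referenced in:\n%s\n' "$bad" >&2
    return 1
}

# Run all three checks against the host directory that will be mounted.
preflight() {
    rc=0
    check_min_755 "$1" || rc=1
    check_root_group "$1" || rc=1
    check_project_paths "$1" "$1" || rc=1
    return "$rc"
}

# Usage: sh preflight.sh /host_machine_workspace/simpleIOT/
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

Each check prints the offending entries to standard error, and preflight returns non-zero if any check fails.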