Sysdig LSP provides tools to integrate container security checks into your development workflow.
- Scans the runtime base image specified in your Dockerfile for vulnerabilities.
- Supports single-stage and multi-stage Dockerfiles (final runtime stage only).
- Displays actionable commands directly within the editor (e.g., initiating base image scans).
- Enables quick access to frequently performed actions.
- Builds and scans the entire final Dockerfile image used in production.
- Supports multi-stage Dockerfiles, analyzing the final stage and any artifacts explicitly copied from intermediate stages.
- Scans each Dockerfile layer individually for precise vulnerability identification.
- Supports detailed analysis in single-stage and multi-stage Dockerfiles.
- Scans the images defined in your `docker-compose.yml` files for vulnerabilities.
- Scans container images defined in Kubernetes manifest files for vulnerabilities.
- Supports Pods, Deployments, StatefulSets, DaemonSets, Jobs, and CronJobs.
- Displays a detailed summary of scan results when hovering over a scanned image name.
- Provides immediate feedback on vulnerabilities, severities, and available fixes.
See the linked documents for more details.