Enforcing familiarization with the different software pieces is not feasible for already overworked teams, and many people we have talked to do not even know if they have a specific configuration file or not, let alone where to find it.

So we decided: Let's create a simple tool that automates the discovery of configuration files inside containers and scans them in CoGuard in seconds!  

Since Docker containers are everywhere, we decided that their associated images are a good starting point and established an open source project, coguard-cli, which is published online here.

With coguard-cli, users now have a tool in their toolkit to secure the image and ensure that best practices are being followed.

Installation and use

Say you are using a Docker image, which you either created yourself or pulled from a repository like DockerHub. For demonstration purposes, let us use the image for `mysql`.

You can now install the coguard-cli via pip (pip install coguard-cli) and run

coguard docker-image mysql

If you run it for the first time, you need to accept the Terms of Service and Privacy policy by signing up with your email.

Here is a screenshot on part of the output:

CoGuard cli output example

As you can see, CoGuard also analyzes the last Dockerfile used.

Now you know that there is a configuration inside the image: /etc/mysql/my.cnf

With this, and the Dockerfile recommendations, you can alter or create a Dockerfile pulling from the original image, and fixing the outlined issues, until you have a solid image which is ready to be used in any of your environments.

A summary of your scans is also captured on our web-portal (, where you can log in and see your scans and trends over time.

What is next?

Overall, what matters is YOU. We want to hear from YOU as to how YOU would love this project to progress. It is open source, hence everyone can contribute. We want to see better infrastructure, and it starts with the smallest components: The containers themselves.

Here is our current rough plan of action, which may be subject to change:

Over time and with this community's input, we will be releasing more supported software that can be installed and configured inside your image and expanding this project beyond Docker images.

In a series of blog articles that we release soon, we are going to talk about how to include this tool into the different CI/CD pipelines you have out there. Stay tuned.

In the meantime, if you are interested in the back story and inspiration that led us to start this project, you can read more here.

Useful links


Similar integrations.

View all resources

Command line shell for file discovery and autoremediation

Progress Chef

Explore a test environment

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Check out and explore a test environment to run infra audits on sample repositories of web applications and view select reports on CoGuard's interative dashboard today.