Run the Vulnetix CLI as a Docker container for security scanning. Volume-mount your workspace and reports directory to upload SARIF, CycloneDX and SPDX artifacts.
Add Vulnetix to Docker
Use docker run to run the Vulnetix CLI in your Docker pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
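    # Scan the mounted workspace.
    # -e VULNETIX_ORG_ID passes the variable through from the calling environment.
    docker run --rm \
      -v "$(pwd)":/workspace \
      -v "$(pwd)/reports":/reports \
      -w /workspace \
      -e VULNETIX_ORG_ID \
      vulnetix/vulnetix:latest \
      scan

    # Upload the SARIF report from the mounted reports directory.
    docker run --rm \
      -v "$(pwd)/reports":/reports \
      -e VULNETIX_ORG_ID \
      vulnetix/vulnetix:latest \
      upload --file /reports/results.sarif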
Why run Vulnetix in Docker?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your Docker pipeline gates merges on what is actually exploitable, not raw scanner noise.