1
Install the CLI
Install the ImageSentinel CLI tool to interact with our registry and scan images locally.
terminal
npm install -g @imagesentinel/cli2
Authenticate
Login with your ImageSentinel account or API key.
terminal
# Interactive login
sentinel login
# Or use an API key
export SENTINEL_API_KEY=your-api-key
sentinel login --api-key3
Pull a Hardened Image
Pull a hardened base image from the ImageSentinel registry.
terminal
# Pull hardened Python image
docker pull registry.imagesentinel.io/python:3.12-hardened
# Or Node.js
docker pull registry.imagesentinel.io/node:20-hardened
# Or Go
docker pull registry.imagesentinel.io/go:1.21-hardened4
Update Your Dockerfile
Replace your base image with the ImageSentinel hardened version.
Dockerfile
# Before
FROM python:3.12
# After
FROM registry.imagesentinel.io/python:3.12-hardened
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]5
Verify Your Image
Scan and verify your image is CVE-free.
terminal
# Build your image
docker build -t myapp:latest .
# Scan for vulnerabilities
sentinel scan myapp:latest
✓ Image scanned: myapp:latest
✓ Critical: 0 | High: 0 | Medium: 0 | Low: 2
✓ Image meets security policyYou're all set!
You're now shipping hardened, CVE-free container images. Explore more features to get the most out of ImageSentinel.