dockdiver

Scan Docker Hub for secrets

$ dockdiver -u [username]

$ dockdiver -i [image:tag]

$ dockdiver -u [username] -o [results.txt]

$ dockdiver -i [image:tag] -p [patterns.json]

dockdiver [options]

dockdiver is a security tool for analyzing Docker images and Docker Hub repositories for exposed secrets, credentials, and sensitive information. It scans image layers to identify potentially dangerous data leakage.
The tool searches for common secret patterns including API keys, passwords, private keys, and credentials embedded in Docker images. It can scan individual images or entire user repositories.
dockdiver helps security teams audit container images before deployment and identify credential exposure in public registries.

-u USERNAME

Docker Hub username to scan.

Specific image to analyze.

Output file for results.

Custom pattern file.

Verbose output.

Display help information.

Scanning large images may take time. Some secrets may be obfuscated or encoded. Only scans accessible images. Pattern matching may produce false positives.

dockdiver was created as a security research tool to address the widespread problem of secrets being accidentally committed to Docker images. It automates the discovery of exposed credentials in container registries.

dive(1), trivy(1), grype(1)