A pre-built Bad Dockerfile image is now available from Docker Hub. Just do a ‘docker pull imiell/bad-dockerfile’ and it’s all yours.
After a chat with Ian Miell who was having issues testing out various Docker image scanners I’ve created the Bad Dockerfile project. This is a simple utility which is made of vulnerable software with known CVEs. The idea is you can run it against various Docker image scanners and see which CVEs it catches and which ones it doesn’t. Give it a go and let me know.