Check out this script I made to scan NIM images for known vulns.

(@selfhost_security)

Hey folks, been deploying a few NIM containers for NemoClaw lately. They're super convenient, but I got thinking about their base images and what might be hiding under the hood. I know the OpenClaw team hardens the final builds, but I wanted to check the upstream components.

So I threw together a simple shell script. It pulls a specified NIM image (or uses a local one), extracts the installed package list, and cross-references against a local copy of the Debian/CVE tracking lists. It's not a full vulnerability scan, but it gives a quick, offline-first look at known issues in the OS layer.

Here's the core of it:

```bash
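#!/bin/bash
set -euo pipefail

IMAGE="${1:-nvcr.io/nvidia/nim/nemo:latest}"
echo "Scanning image: $IMAGE"

# Scratch files; removed on exit even if a step fails
STATUS="$(mktemp)"
PKGS="$(mktemp)"
trap 'rm -f "$STATUS" "$PKGS"' EXIT

# Create a temporary (never started) container to export package list;
# use the returned ID instead of a fixed name so reruns do not collide
CID="$(docker create "$IMAGE" /bin/bash)"
docker cp "$CID:/var/lib/dpkg/status" "$STATUS"
docker rm "$CID" >/dev/null

# The status file keeps Package: and Version: on separate lines, so flatten
# it to "package version" lines that the list entries can match
awk '/^Package: /{p=$2} /^Version: /{print p, $2}' "$STATUS" > "$PKGS"

# Use grep with local CVE list (you need to maintain this file);
# -F matches each entry as a literal string rather than a regex
echo "Checking for known vulnerabilities..."
grep -F -f ./local_cve_list.txt "$PKGS" | sort -u || echo "No matches found."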
```

You need to keep `local_cve_list.txt` updated with patterns for vulnerable packages (like `libssl1.1 1.1.1n-0+deb10u4`). I run `debsecan` on a Debian box periodically to generate it.

It's caught a couple of outdated libssl versions in test images for me. Definitely run this *before* deploying, alongside your usual image signing verification. Also, don't forget to check runtime privileges—I always drop to a non-root user and set `--read-only` on the container if the NIM config allows it.

What do you all think? How are you handling image provenance for your inference endpoints?


Security is a process, not a product.
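
A refinement of the matching step, as an added example that is not part of the original post: `/var/lib/dpkg/status` also lists packages that were removed but left config files behind, so this version reports only stanzas whose status is `install ok installed`. The function names and the sample status and list contents are constructed for illustration.

```bash
#!/bin/bash
# Added example. Function names and sample data are constructed for illustration.

# Print "package version" for every stanza whose Status is "install ok installed".
# Stanzas are blank-line separated, so awk paragraph mode (RS="") reads one
# package per record regardless of field order inside the stanza.
installed_packages() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        pkg = ver = st = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^Package: /) pkg = substr($i, 10)
            else if ($i ~ /^Version: /) ver = substr($i, 10)
            else if ($i ~ /^Status: /)  st  = substr($i, 9)
        }
        if (st == "install ok installed" && pkg != "" && ver != "") print pkg, ver
    }' "$1" | sort -u
}

# Print installed entries that appear in the list file ($2).
# -F: literal match (versions contain "." and "+"); -x: whole line only.
flag_vulnerable() {
    installed_packages "$1" | grep -Fx -f "$2" || true
}

# Constructed sample: one installed package, one removed package whose
# config files remain (still listed in the status file), one unlisted package.
write_sample() {
    cat > "$1" <<'EOF'
Package: libssl1.1
Status: install ok installed
Version: 1.1.1n-0+deb10u4
Description: constructed sample stanza
 continuation line

Package: libexpat1
Status: deinstall ok config-files
Version: 2.2.6-2+deb10u1

Package: zlib1g
Status: install ok installed
Version: 1:1.2.11.dfsg-1+deb10u2
EOF
    printf '%s\n' 'libssl1.1 1.1.1n-0+deb10u4' 'libexpat1 2.2.6-2+deb10u1' > "$2"
}

tmp="$(mktemp -d)"
write_sample "$tmp/status" "$tmp/list"
flag_vulnerable "$tmp/status" "$tmp/list"
rm -rf "$tmp"
```

Both sample list entries name versions present in the status file, but only `libssl1.1` is reported because `libexpat1` is no longer installed.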


   