Title
Create new category
Edit page index title
Edit category
Edit link
CLI Scanner
MDSSC Scanner Docker Container
The MDSSC Scanner is a lightweight Docker container that enables you to scan files and directories remotely using the MetaDefender Software Supply Chain (MDSSC) API, without requiring UI access.
This makes it ideal for CI/CD pipelines, automated scanning, and command-line workflows.
Prerequisites
- Docker installed and running
- MDSSC server URL
- MDSSC API key (see Configuring an API Key)
- Docker image:
opswat/mdssc-scanner:latest
Quick Start
Scan a Single File
FILE="package-lock.json" docker run --rm \ -e MDSSC_SERVER="your-mdssc-url" \ -e MDSSC_API_KEY="your-api-key" \ -v $(pwd)/$FILE:/scan/$FILE \ opswat/mdssc-scanner \ /scan/$FILE- API Key Security: Never commit API keys to version control. Use environment variables or secret management systems in CI/CD pipelines.
- File Size Limits: Large files may take longer to scan. Adjust
SCAN_TIMEOUTaccordingly. - Network Access: The container requires network access to communicate with your MDSSC server.
Scan all files in a directory
DIR="project-folder"docker run --rm \ -e MDSSC_SERVER="your-mdssc-url" \ -e MDSSC_API_KEY="your-api-key" \ -v $(pwd)/$DIR:/scan \ opswat/mdssc-scanner:latestEnvironment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
MDSSC_SERVER | Yes | - | Your MDSSC server URL
(e.g., https://mdssc.com ) |
MDSSC_API_KEY | Yes | - | API key for authentication |
WORKFLOW_ID | No | - | Specific workflow ID to use for scanning |
SCAN_TIMEOUT | No | 300 | Maximum time to wait for scan completion (seconds) |
POLL_INTERVAL | No | 5 | Interval between status checks (seconds) |
FAIL_ON_VULNERABILITIES | No | false | Exit with error code 2 if vulnerabilities found |
VULNERABILITY_THRESHOLD | No | high | Minimum severity to fail on:critical , high , medium, low |
Configuring API Limit
To configure the API limit for file uploads, you need to edit the customer configuration file located at /etc/mdssc/customer.env. Add the following environment variable to specify the maximum file size allowed for direct file uploads:
DIRECT_FILE_UPLOADSIZE_MB=256By default, the value is 128 MB. Adjusting this setting ensures the API accepts file uploads up to the specified size.
After making the change, restart the MDSSC service for the new configuration to take effect. Always align this value with your organization’s requirements and security policies.
