Docker Integration for vcn

Docker container


Out-of-the-box integration

vcn supports local Docker installations out of the box using docker:// as a location. You just need to point to the correct container image name or the container image id.


Sign a local Docker image

vcn uses Docker default schemes, so the latest tag is automatically used if no tag is given. For example:

vcn sign docker://hello-world


Or use the command with a tag:

vcn sign docker://hello-world:v1


*To be able to sign, you need to register at CodeNotary for a free account.


Verify a local Docker image

Use the following command:

vcn verify docker://hello-world


Or use the command with a tag:

vcn verify docker://hello-world:v1


Docker Sidecar Integration

vcn also offers a sidecar project, you can use to automatically verify used container images during runtime.


Check out ( on your server. The tool continuously verifies the integrity of your containers:

 git clone 


Edit the verify file and set the alerting/monitoring tool you are using (see the following instructions), if you want to change the alerting


Make sure /var/run/docker.sock is accessible and run the following command on your server within the vcn-watchdog directory.

docker-compose build && docker-compose up 


To modify the verify file, hook up your alerting tool into the err() function.


Example using Slack, do the following:

  • Create a Slack Bot (Slack documentation here)
  • Use the following code:
function err() {
    echo "Container ${1} (${2}) verification failed" >&2
    curl -q -X POST \
        -H 'Content-type: application/json' \
        --data "{\"text\":\"Container ${1} (${2}) verification failed\"}" \
        "$TOKEN/$KEY" > /dev/null 2>&1} 


If all works well, you should receive slack messages in your slack channel


Slack alert based on vcn verify