The Compose File option in Azure DevOps matches the flag –composefile in the scanner command. This allows the scanner to pull a list of images from the image line in the docker-compose file and thus scanning those images. 


Below is the detailing with evident screenshots showcasing the Docker Compose File option represents –composefile and that allows us to read a compose file and find the images within based on the image line


In Azure plugin finds all the images from compose file and scans all the images which are available in composefile.



The Pipeline YAML configuration looks like below


The output of the Pipeline Job successfully post Scanning 


2020-11-05T14:10:53.9362392Z ##[section]Starting: Image Scanning
2020-11-05T14:10:53.9372310Z ==============================================================================
2020-11-05T14:10:53.9372724Z Task         : Aqua Security
2020-11-05T14:10:53.9373054Z Description  : Security Assessment for Images
2020-11-05T14:10:53.9373470Z Version      : 4.1.12
2020-11-05T14:10:53.9373724Z Author       : aquasec
2020-11-05T14:10:53.9374570Z Help         : This task scans a Docker image for security vulnerabilities and compare it against an image assurance policy. You should add this task after a step that builds a Docker image and before a step that pushes the image to a registry.
2020-11-05T14:10:53.9375330Z ==============================================================================
2020-11-05T14:10:54.0687243Z [command]/bin/bash /home/vsts/work/_tasks/aquasecScanner_53872c9a-a53f-4fcf-973d-8ded3d75432c/4.1.12/dockerTask.sh --composefile dockercompose.yml --server http://host.com:8080/ --user *** --password *** --scanner registry.aquasec.com/scanner:5.0 --file-prefix AquaSecurity --scan-type hosted --registry Docker --image
2020-11-05T14:10:54.0928834Z 
2020-11-05T14:10:54.0929956Z The following images will be scanned:
2020-11-05T14:10:54.0937890Z traefik:v1.7.26
2020-11-05T14:10:54.0939405Z svendowideit/traefik-certdumper:latest
2020-11-05T14:10:54.0939814Z ubuntu:latest
2020-11-05T14:10:54.0940074Z "alpine:latest"
2020-11-05T14:10:54.0940315Z 
2020-11-05T14:10:54.0956550Z docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp registry.aquasec.com/scanner:5.0 scan --user *** --password *** --host http://host.com:8080/ --registry Docker traefik:v1.7.26 --jsonfile /tmp/out.json --htmlfile /tmp/out.html > /dev/null
2020-11-05T14:10:54.8908057Z Unable to find image 'registry.aquasec.com/scanner:5.0' locally
2020-11-05T14:11:00.9133918Z 5.0: Pulling from scanner

2020-11-05T14:11:10.4309714Z Status: Downloaded newer image for registry.aquasec.com/scanner:5.0
2020-11-05T14:11:14.7455205Z 2020-11-05 14:11:14.743	�[34mINFO�[0m	Registering with server	{"os": "linux", "os_version": "", "registries": []}
2020-11-05T14:11:14.9609405Z 2020-11-05 14:11:14.959	�[34mINFO�[0m	Successfully registered	{"scanner_id": 14}
2020-11-05T14:11:15.2637527Z 2020-11-05 14:11:15.262	�[34mINFO�[0m	Connecting to registry...	{"registry": "Docker", "image": "traefik:v1.7.26", "requested platform": "amd64:::", "job ID": "8535bd23-aeea-4f9b-890b-16b6ca84f1a3", "server version": "5.0.409a4f852d"}

2020-11-05T14:11:19.8140885Z 2020-11-05 14:11:19.813	�[34mINFO�[0m	Scan successfully completed.
2020-11-05T14:11:20.0218495Z docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp registry.aquasec.com/scanner:5.0 scan --user *** --password *** --host http://host.com:8080/ --registry Docker svendowideit/traefik-certdumper:latest --jsonfile /tmp/out.json --htmlfile /tmp/out.html > /dev/null
2020-11-05T14:11:20.7921900Z 2020-11-05 14:11:20.791	�[34mINFO�[0m	Registering with server	{"os": "linux", "os_version": "", "registries": []}
2020-11-05T14:11:20.9756229Z 2020-11-05 14:11:20.974	�[34mINFO�[0m	Successfully registered	{"scanner_id": 15}
2020-11-05T14:11:21.2419409Z 2020-11-05 14:11:21.240	�[34mINFO�[0m	Connecting to registry...	{"registry": "Docker", "image": "svendowideit/traefik-certdumper:latest", "requested platform": "amd64:::", "job ID": "5e8bbaf7-0d92-496d-bcf6-50d25c0a8ba5", "server version": "5.0.409a4f852d"}

2020-11-05T14:11:25.3375933Z 2020-11-05 14:11:25.336	�[34mINFO�[0m	Scan successfully completed.
2020-11-05T14:11:25.5588461Z docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp registry.aquasec.com/scanner:5.0 scan --user *** --password *** --host http://host.com:8080/ --registry Docker ubuntu:latest --jsonfile /tmp/out.json --htmlfile /tmp/out.html > /dev/null
2020-11-05T14:11:26.3026659Z 2020-11-05 14:11:26.301	�[34mINFO�[0m	Registering with server	{"os": "linux", "os_version": "", "registries": []}
2020-11-05T14:11:26.5025147Z 2020-11-05 14:11:26.501	�[34mINFO�[0m	Successfully registered	{"scanner_id": 16}
2020-11-05T14:11:26.8002877Z 2020-11-05 14:11:26.799	�[34mINFO�[0m	Connecting to registry...	{"registry": "Docker", "image": "ubuntu:latest", "requested platform": "amd64:::", "job ID": "2c15b633-f71e-4829-adc5-10962eef295f", "server version": "5.0.409a4f852d"}

2020-11-05T14:11:31.0552058Z 2020-11-05 14:11:31.052	�[34mINFO�[0m	Scan successfully completed.
2020-11-05T14:11:31.2528339Z docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp registry.aquasec.com/scanner:5.0 scan --user *** --password *** --host http://host.com:8080/ --registry Docker "alpine:latest" --jsonfile /tmp/out.json --htmlfile /tmp/out.html > /dev/null
2020-11-05T14:11:32.0155294Z 2020-11-05 14:11:32.014	�[34mINFO�[0m	Registering with server	{"os": "linux", "os_version": "", "registries": []}
2020-11-05T14:11:33.2303183Z 2020-11-05 14:11:33.229	�[34mINFO�[0m	Successfully registered	{"scanner_id": 17}
2020-11-05T14:11:33.5263152Z 2020-11-05 14:11:33.525	�[34mINFO�[0m	Connecting to registry...	{"registry": "Docker", "image": "alpine:latest", "requested platform": "amd64:::", "job ID": "5e5b505a-6b78-49dc-8521-eadeb2573cbb", "server version": "5.0.409a4f852d"}

2020-11-05T14:11:37.2886629Z 2020-11-05 14:11:37.287	�[34mINFO�[0m	Scan successfully completed.
2020-11-05T14:11:37.5881322Z ##[section]Async Command Start: Upload Artifact
2020-11-05T14:11:37.5881680Z Uploading 1 files
2020-11-05T14:11:38.0915009Z File upload succeed.
2020-11-05T14:11:38.0916075Z Upload '/tmp/AquaSecurity.json' to file container: '#/3235508/scan results'
2020-11-05T14:11:38.2600951Z Associated artifact 121 with build 294
2020-11-05T14:11:38.2603304Z ##[section]Async Command End: Upload Artifact
2020-11-05T14:11:38.2607542Z ##[section]Finishing: Image Scanning