jsotiro / docker-multiscan Goto Github PK
View Code? Open in Web Editor NEWA multi scanner for docker images. It drives Clair, Anchore, Trivy, Snyk, Grype, AWS ECR scans and consolidates the results.
License: Apache License 2.0
A multi scanner for docker images. It drives Clair, Anchore, Trivy, Snyk, Grype, AWS ECR scans and consolidates the results.
License: Apache License 2.0
You wrote
It has been used/tested on
- WSL2 on Windows 10 pro
How so? Neither installing it normally nor using Docker Desktop adds the network bridge "docker0" and therefore clair fails because it can't find the ip.
Furthermore I noticed on the first scan it loaded a 7gb anchor image. Why isn't this in the install-scanners.sh instead?
Several fixes (no time for a pr currently)
requests
#!/bin/bash
or else the script fails because [[ ]]
is a bash thing and not every shell supports it OR change the readme to bash install-scanners.sh
EDIT: setting the correct WSL gateway (this is still host.docker.internal or gateway.docker.internal for WSL, see Use cases and workarounds)
elif [[ "$(uname -r | sed -n 's/.*\( *microsoft *\).*/\1/pI')" == "microsoft"* ]]; then
LOCALHOST=host.docker.internal
But I still get the error Could not analyze layer: Clair responded with a failure: Got response 400 with message {"Error":{"Message":"could not find layer"}}
EDIT: I scanned a remote image and with anchore-inline only and the following command python dmscan.py -i docker.internal.net/org/image:0.1"
Result: it is saving the output as "image_0.1-[...].json" but you are looking for the report "org_0.1-vuln.json"
You mess up for image_author and image_name
Lets say its docker.internal.net/org/image:0.1 the result will be
Expected
How to fix? With negative indexing!
if "/" in main:
author = temp_name[-2]
name = temp_name[-1]
Installing snyx from ./install_scanners.sh requires sudo or it will fail since it is trying to do a system wide install.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.