Skip to content

TrustSource/ts-docker

BranchesTags

Repository files navigation

TrustSource Docker scanner

Gitter Supported Versions

This is a wrapper for Syft, allowing to decompose a docker image - pulled from default registry - and transferring the results to TrustSource or writing it into a local JSON.

Prerequisites

Syft - a tool for generating a Software Bill of Materials (SBOM) from container images and filesystems. For the installation instruction, refer to anchore:syft. ts-docker will use the default path set during the installation to find syft and handle it. You may specify a path, in case this is required. See below for more information.

Installation

To install, please clone the repo and install from there:

  • Clone repository
git clone https://github.com/TrustSource/ts-docker.git
  • Install using PIP from the base directory (where you have cloned the repo in)
pip3 install ./ts-docker

Usage

You may execute the utility without any further connection to TrustSource. However, to transfer data into TrustSource, you require a valid API key and a projectname to associate transfered data with. To retrieve a valid API key, please contact your project manager or see our knowledgebase

Execute Help

ts-docker has a CLI. To learn more, run --help

ts-docker --help

This will display the different options available:

Usage: ts-docker [OPTIONS] IMAGE

Options:
  --syft-path TEXT     Path to the Syft executable.
  --apiKey TEXT        API Key for data transfer to TrustSource.
  --projectName TEXT   Project name to associate data with.
  --skipTransfer       Skip transfer of results to TrustSource (local use only).
  --settingsFile TEXT  Path to a settings file, e.g. containing the API key
  --outputFile TEXT    Path to an output file, to store upload data locally (will be JSON).
  --help               Show this message and exit.

Examples

Prepare data without transfering

ts-docker --skipTransfer <local Docker image name>

Will execute the scan and write scan result to stdout.

Prepare data and transfer to TrustSource

ts-docker --apiKey <KEY> --projectName <NAME> <local Docker image name>

Will execute the scan, upload data to TrustSource and associate it with project NAME.

Questions & Support

Please find further information at our knowledgebase or contact TrustSource Support for more questions.

Feel free to star, fork and improve. We are looking forward to get your feedback!

About

Allows to scan docker images and transfer the data to TrustSource https://app.trustsource.io

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages