index-cli-plugin/README.md

**Note:** This repository is not an officially supported Docker project.

# `docker index` Docker CLI plugin

Docker CLI plugin to create image SBOMs as well as analyze packages for known vulnerabilities 
using the Atomist data plane.

## Installation

To install, run the following command in your terminal:

```shell
$ curl -sSfL https://raw.githubusercontent.com/docker/index-cli-plugin/main/install.sh | sh -s --
```

Alternatively, you can install manually by following these steps:

* Download the plugin binary from the [release page](https://github.com/docker/index-cli-plugin/releases/latest)
* Unzip the archive
* Copy/move the binary into `$HOME/.docker/cli-plugins`

## Usage

### `docker index sbom`

To create an SBOM for a local or remote image, run the following command:

```shell
$ docker index sbom --image <IMAGE> 
```

* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
* `--oci-dir <DIR>` can point to a local image in OCI directory format
* `--output <OUTPUT FILE>` allows to store the generated SBOM in a local file
* `--include-cves` will include all detected CVEs in generated output

### `docker index cve`

To detect base images for local or remote images, use the following command:

```shell
$ docker index cve --image <IMAGE> CVE_ID 
```

* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
* `--oci-dir <DIR>` can point to a local image in OCI directory format
* `CVE_ID` can be any known CVE id
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			`Note: This repository is not an officially supported Docker project.`

Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00			# `docker index` Docker CLI plugin

			`Docker CLI plugin to create image SBOMs as well as analyze packages for known vulnerabilities`
			`using the Atomist data plane.`

			`## Installation`

			`To install, run the following command in your terminal:`

			```shell
			`$ curl -sSfL https://raw.githubusercontent.com/docker/index-cli-plugin/main/install.sh \| sh -s --`
			```

			`Alternatively, you can install manually by following these steps:`

			`* Download the plugin binary from the [release page](https://github.com/docker/index-cli-plugin/releases/latest)`
			`* Unzip the archive`
			* Copy/move the binary into `$HOME/.docker/cli-plugins`

			`## Usage`

			### `docker index sbom`

Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			`To create an SBOM for a local or remote image, run the following command:`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
			```shell
			`$ docker index sbom --image <IMAGE>`
			```

Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
			* `--oci-dir <DIR>` can point to a local image in OCI directory format
			* `--output <OUTPUT FILE>` allows to store the generated SBOM in a local file
			* `--include-cves` will include all detected CVEs in generated output

			### `docker index cve`

			`To detect base images for local or remote images, use the following command:`

			```shell
			`$ docker index cve --image <IMAGE> CVE_ID`
			```
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
			* `--oci-dir <DIR>` can point to a local image in OCI directory format
			* `CVE_ID` can be any known CVE id