index-cli-plugin/README.md

**Note:** This repository is not an officially supported Docker project.

# `docker index` Docker CLI tool

Docker CLI tool to create image SBOMs as well as analyze packages for known vulnerabilities 
using the Atomist data plane.

## Installation

You can install manually by following these steps:

* Download the binary from the [release page](https://github.com/docker/index-cli-plugin/releases/latest)
* Unzip the archive

## Usage

### `docker-index sbom`

To create an SBOM for a local or remote image, run the following command:

```shell
$ docker-index sbom --image <IMAGE> 
```

* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
* `--oci-dir <DIR>` can point to a local image in OCI directory format
* `--output <OUTPUT FILE>` allows to store the generated SBOM in a local file
* `--include-cves` will include all detected CVEs in generated output

### `docker-index cve`

To detect base images for local or remote images, use the following command:

```shell
$ docker-index cve --image <IMAGE> CVE_ID 
```

* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
* `--oci-dir <DIR>` can point to a local image in OCI directory format
* `--remediate` include suggested remediation in the output
* `CVE_ID` can be any known CVE id
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			`Note: This repository is not an officially supported Docker project.`

Update README.md 2022-11-01 00:42:22 +03:00			# `docker index` Docker CLI tool
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
Update README.md 2022-11-01 00:42:22 +03:00			`Docker CLI tool to create image SBOMs as well as analyze packages for known vulnerabilities`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00			`using the Atomist data plane.`

			`## Installation`

Run standalone Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 23:41:00 +03:00			`You can install manually by following these steps:`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
Run standalone Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 23:41:00 +03:00			`* Download the binary from the [release page](https://github.com/docker/index-cli-plugin/releases/latest)`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00			`* Unzip the archive`

			`## Usage`

Run standalone Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 23:41:00 +03:00			### `docker-index sbom`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			`To create an SBOM for a local or remote image, run the following command:`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
			```shell
Run standalone Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 23:41:00 +03:00			`$ docker-index sbom --image <IMAGE>`
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00			```

Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
			* `--oci-dir <DIR>` can point to a local image in OCI directory format
			* `--output <OUTPUT FILE>` allows to store the generated SBOM in a local file
			* `--include-cves` will include all detected CVEs in generated output

Run standalone Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 23:41:00 +03:00			### `docker-index cve`
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00
			`To detect base images for local or remote images, use the following command:`

			```shell
Run standalone Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 23:41:00 +03:00			`$ docker-index cve --image <IMAGE> CVE_ID`
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			```
Initial commit Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 08:44:35 +03:00
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			* `--image <IMAGE>` can either be a local image id or fully qualified image name from a remote registry
			* `--oci-dir <DIR>` can point to a local image in OCI directory format
Some more progress Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-11-01 18:09:47 +03:00			* `--remediate` include suggested remediation in the output
Add cve detection Signed-off-by: Christian Dupuis <cd@atomist.com> 2022-10-27 16:48:12 +03:00			* `CVE_ID` can be any known CVE id