Перейти к файлу
Christian Dupuis 38d2a64b4e
Delint
2023-02-03 09:54:07 +01:00
.github/workflows refactor: move main.go to cmd/docker-index folder 2023-01-10 10:07:45 +01:00
cmd/docker-index refactor: move main.go to cmd/docker-index folder 2023-01-10 10:07:45 +01:00
commands Add username and password to lsp func 2023-02-03 09:41:41 +01:00
format chore: fix gosimple issues 2023-01-09 17:57:45 +01:00
internal chore: read commit from Go 2023-01-10 11:39:08 +01:00
lsp Delint 2023-02-03 09:54:07 +01:00
query Fix badge logic 2023-01-25 15:22:38 +01:00
registry Add username and password to lsp func 2023-02-03 09:41:41 +01:00
sbom Fix test 2023-02-03 09:53:49 +01:00
types Add new distro 2023-01-16 12:31:15 +01:00
.gitignore Add diff command 2022-10-28 16:25:28 +02:00
.golangci.yml chore: add golangci-lint task and config 2023-01-09 17:57:39 +01:00
.goreleaser.yaml Merge pull request #13 from eunomie/refactor-main 2023-01-24 22:21:12 +01:00
Dockerfile refactor: move main.go to cmd/docker-index folder 2023-01-10 10:07:45 +01:00
LICENSE Initial commit 2022-10-27 07:44:35 +02:00
README.md Some more progress 2022-11-01 16:09:47 +01:00
Taskfile.yaml refactor: move main.go to cmd/docker-index folder 2023-01-10 10:07:45 +01:00
go.mod Bump github.com/containerd/containerd from 1.6.8 to 1.6.12 2023-01-09 09:52:29 +00:00
go.sum Bump github.com/containerd/containerd from 1.6.8 to 1.6.12 2023-01-09 09:52:29 +00:00
install.sh Run standalone 2022-10-27 22:41:00 +02:00

README.md

Note: This repository is not an officially supported Docker project.

docker index Docker CLI tool

Docker CLI tool to create image SBOMs as well as analyze packages for known vulnerabilities using the Atomist data plane.

Installation

You can install manually by following these steps:

  • Download the binary from the release page
  • Unzip the archive

Usage

docker-index sbom

To create an SBOM for a local or remote image, run the following command:

$ docker-index sbom --image <IMAGE> 
  • --image <IMAGE> can either be a local image id or fully qualified image name from a remote registry
  • --oci-dir <DIR> can point to a local image in OCI directory format
  • --output <OUTPUT FILE> allows to store the generated SBOM in a local file
  • --include-cves will include all detected CVEs in generated output

docker-index cve

To detect base images for local or remote images, use the following command:

$ docker-index cve --image <IMAGE> CVE_ID 
  • --image <IMAGE> can either be a local image id or fully qualified image name from a remote registry
  • --oci-dir <DIR> can point to a local image in OCI directory format
  • --remediate include suggested remediation in the output
  • CVE_ID can be any known CVE id