GitHub - vmware/carbon-black-cloud-container-cli: carbon-black-cloud-container-c...
source link: https://github.com/vmware/carbon-black-cloud-container-cli
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
carbon-black-cloud-container-cli
carbon-black-cloud-container-cli (also known as cbctl) is a CLI tool that can be used to scan any container-based images in the command line or in CI/CD pipelines.
Get started
Build the CLI binary
To Linux:
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
go build \
-tags="containers_image_openpgp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs" \
-ldflags "-X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.version=${version}' \
-X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.buildDate=${build_date}'" \
main.go
To MacOS:
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 \
go build \
-tags="containers_image_openpgp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs" \
-ldflags "-X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.version=${version}' \
-X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.buildDate=${build_date}'" \
main.go
CLI binary reference
The detailed usage of cbctl can be found here: Carbon Black Container CLI
Package usage
We exposed bom generation and scan image functions for convenient image scanning process, you can follow the following steps to get started:
Import the package
$ go get -u github.com/vmware/carbon-black-cloud-container-cli
How to take use of CLI packages?
- Create a pair of API ID & Key with
workloads.container.image
(CREATE and READ permissions) access level in Carbon Black Cloud console - Create a RegistryHandler for generating Software Bill of Materials (SBOM) from user's input:
- Create RegistryHandler:
registryHandler := scan.NewRegistryHandler()
- Get the SBOM (options can be checked below):
sbom, err := registryHandler.Generate(input, scan.Option)
- Create RegistryHandler:
- Create a ScanHandler for scanning vulnerabilities from SBOM:
- Create ScanHandler:
scanHandler := scan.NewScanHandler(<CBC_saasURL>, <CBC_orgKey>, <apiID>, <apiKey>, <sbom>)
; - Scan the SBOM (options can be checked below):
scannedImage, err := scanHandler.Scan(scan.Option)
- Create ScanHandler:
Scan options
Option Name | Type | Description |
---|---|---|
ForceScan | bool | Force scan an image no matter it is scanned or not |
Credential | string | The auth string used for login to registry, format: USERNAME[:PASSWORD] |
FullTag | string | The tag set to override in the image |
UseDockerDaemon | bool | Use docker daemon to pull the image |
ShouldCleanup | bool | Delete the docker image pulled by docker (should only be used when UserDockerDaemon is true ) |
Timeout | int | The duration (second) for the scan |
Contributing
Please follow CONTRIBUTING.md
License
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK