def scan_registry(registry_url):
"""Scan the docker registry and import the layers into Neo4J."""
client = DockerRegistryClient(registry_url)
try:
repositories = client.repositories()
except requests.HTTPError as e:
if e.response.status_code == requests.codes.not_found:
print("Catalog/Search not supported")
else:
raise
else:
print("Repositories:")
for repository in repositories:
repo = client.repository(repository)
for tag in repo.tags():
print("%s/%s:%s" % (registry_url, repository, tag))
assert client.api_version in [1, 2]
if client.api_version == 2:
manifest, digest = repo.manifest(tag)
layers = list(map(get_hash, manifest["fsLayers"]))
else:
image = repo.image(tag)
image_json = image.get_json()
layers = list(map(get_hash, image_json["fsLayers"]))
layer_fingerprint = "".join(layers)
with neo4j.session() as session:
session.run(
"MERGE ( i:Image {url: '%s', repo: '%s', tag: '%s'}) SET i.fingerprint='%s' "
% (registry_url, repository, tag, layer_fingerprint))
def test_repositories(self, version, namespace):
url = mock_registry(version)
client = DockerRegistryClient(url)
repositories = client.repositories(TEST_NAMESPACE)
assert len(repositories) == 1
assert TEST_NAME in repositories
repository = repositories[TEST_NAME]
assert repository.name == "%s/%s" % (TEST_NAMESPACE, TEST_REPO)
def test_repositories(self, version, namespace):
url = mock_registry(version)
client = DockerRegistryClient(url)
repositories = client.repositories(TEST_NAMESPACE)
assert len(repositories) == 1
assert TEST_NAME in repositories
repository = repositories[TEST_NAME]
assert repository.name == "%s/%s" % (TEST_NAMESPACE, TEST_REPO)
def test_repository_tags(self, version):
url = mock_registry(version)
client = DockerRegistryClient(url)
repositories = client.repositories(TEST_NAMESPACE)
assert TEST_NAME in repositories
repository = repositories[TEST_NAME]
tags = repository.tags()
assert len(tags) == 1
assert TEST_TAG in tags
def test_repository_tags(self, version):
url = mock_registry(version)
client = DockerRegistryClient(url)
repositories = client.repositories(TEST_NAMESPACE)
assert TEST_NAME in repositories
repository = repositories[TEST_NAME]
tags = repository.tags()
assert len(tags) == 1
assert TEST_TAG in tags
from docker_registry_client import DockerRegistryClient
import docker
client = DockerRegistryClient("http://127.0.0.1:5000")
print client.repositories()
r = client.repository("busybox")
tags = r.tags()
print tags
docker_client = docker.from_env()
reg = docker_client.containers.get("registry")
print reg
docker_client.login(registry="http://127.0.0.1:5000", username="", password="")
docker_client.images.pull("127.0.0.1:5000/busybox")
def test_repository_manifest(self):
url = mock_v2_registry()
client = DockerRegistryClient(url)
repository = client.repositories()[TEST_NAME]
manifest, digest = repository.manifest(TEST_TAG)
repository.delete_manifest(digest)
def test_repository_manifest(self):
url = mock_v2_registry()
client = DockerRegistryClient(url)
repository = client.repositories()[TEST_NAME]
manifest, digest = repository.manifest(TEST_TAG)
repository.delete_manifest(digest)
import yaml
import os
import io
import tarfile
from docker_registry_client import DockerRegistryClient
target_directory = 'sample_lain_yaml'
try:
os.mkdir(target_directory)
except FileExistsError:
pass
client = docker.from_env(version='auto')
registry_host = 'registry.lain.ein.plus'
registry = DockerRegistryClient(f'http://{registry_host}')
repos = registry.repositories()
print(repos)
for repo in repos.values():
try:
tags = repo.tags()
except HTTPError:
continue
if not tags:
continue
try:
latest_meta_tag = max(t for t in tags if t.startswith('meta-'))
except ValueError:
continue
image_name = f'{registry_host}/{repo.name}:{latest_meta_tag}'
client.images.pull(image_name)
container = client.containers.create(image_name, command='whatever')
import os
from laceworksdk import LaceworkClient
from docker_registry_client import DockerRegistryClient
lw = LaceworkClient(account=os.getenv('LW_ACCOUNT'),
api_key=os.getenv('LW_API_KEY'),
api_secret=os.getenv('LW_API_SECRET'))
registry = os.getenv('REGISTRY')
nexus = DockerRegistryClient(f"https://{registry}",
verify_ssl=False,
username=os.getenv('REGISTRY_USER'),
password=os.getenv('REGISTRY_PASSWORD'))
repos = nexus.repositories()
for name, repo in repos.items():
tags = repo.tags()
for tag in tags:
scan_request = lw.vulnerabilities.initiate_container_scan(
registry, name, tag)
print(
f"INITIATING SCAN FOR -> REGISTRY[{registry}] IMAGE[{name}] TAG[{tag}] -> RequestId [{scan_request['data']['RequestId']}]"
)
