def scan(image):
os.system("docker-compose exec -T engine-api anchore-cli image add " +
image)
os.system("docker-compose exec -T engine-api anchore-cli image wait " +
image)
os.system("docker-compose exec -T engine-api anchore-cli image vuln " +
image + " all > /results/anchore/" +
utils.createOutputName(image) + ".json")
def scan(image):
subprocess.run('''docker run -e "SNYK_TOKEN=$(cat /config/snyk/token)" -v "/home/tutorial/images/snyk_tests:/project" -v "/var/run/docker.sock:/var/run/docker.sock" snyk/snyk-cli:docker test --docker "''' + image + '''" > /results/snyk/''' + utils.createOutputName(image) + '''.json''', shell=True)
def scan(image):
subprocess.run(
"MICROSCANNER_TOKEN=$(cat /config/microscanner/token) ./scan.sh " +
image + " > /results/microscanner/" + utils.createOutputName(image) +
".json",
shell=True)
def scan(image):
ip = os.popen('echo $(hostname -I | cut -d" " -f1)').read().replace(
'\n', '').replace('\r', '')
subprocess.run("./clair-scanner --ip=\"" + ip + "\" -r /results/clair/" +
utils.createOutputName(image) + ".json " + image,
shell=True)
import parse
import utils
oldData = {'images': [], 'parsers': []}
config = None
with open('/config/config.json', 'r') as json_file:
config = json.load(json_file)
output = "/results/output/" + config['output']
containerNames = []
# Load container names from config
for container in config['images']:
containerNames.append(utils.createOutputName(container))
scanners = config['scanners']
if os.path.isfile(output + '.json'):
with open(output + '.json', 'r') as json_file:
oldData = json.load(json_file)
def createRow(vulnInfo, oldImageData, newImageData, parsers):
vulnerability = vulnInfo['vulnerability']
fields = {
'package': set(),
'version': set(),
'severity': set(),
def scan(image):
subprocess.run("trivy -f json -o /results/trivy/" + utils.createOutputName(image) + ".json " + image, shell=True)