Giter Club home page Giter Club logo

anchore_script's Introduction

anchore_script

TL;DR

bash script to get vulnerability reports from repo. Supports private AWS ECR.

Script asks for ECR address, retrieves repos, sorts images by latest, feeds them to anchore, and retrieve the result which is shown in a nicely formatted HTML. Can retrieve report for all ECR images and a single repo:tag.

Example screenshot

Scenario

I was tired to see the vulnerability report on the CLI and made this is a handy script to query report(s) from anchore. Supports ECR and dockerhub.

Prerequisites

Don't forget to add PATH and environment variables (either to .profile or .bashrc, whichever you use):

PATH=$PATH:/usr/local/bin/anchore-cli
ANCHORE_CLI_URL=http://localhost:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar

At the time of writing, anchore-cli runs on python 2.7!

Commands

apt update
apt install aws docker.io python3 python3-pip docker-compose
aws configure
git clone https://github.com/anchore/anchore-cli
cd anchore-cli
pip install --user --upgrade .
git clone https://github.com/anchore/anchore-cli
cd anchore-cli
pip install --user --upgrade .
#add anchore-cli to PATH and others to env variable
# PATH="/usr/local/bin/anchore-cli:$PATH"
ANCHORE_CLI_URL=http://localhost:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar" >> ~/.profile
mkdir aevolume
cd aevolume
docker pull anchore/anchore-engine:v0.4.0
docker create --name ae anchore/anchore-engine:v0.4.0
docker cp ae:/docker-compose.yaml . 
docker rm ae
docker-compose pull
docker-compose up -d
aws ecr get-login
# copy-pasta the output to log in docker and add the registry to anchore-cli
# if need to add user and password and environment variables in .profile or .bashrc don't work, create alias instead.
anchore-cli --url http://localhost:8228/v1 --u admin --p foobar registry add REGISTRY_sans_https REGISTRY_USERNAME REGISTRY_PASSWORD --registry-type docker_v2

anchore_script's People

Contributors

akerge avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.