Giter Club home page Giter Club logo

carbon-black-cloud-container-cli's Introduction

carbon-black-cloud-container-cli

carbon-black-cloud-container-cli (also known as cbctl) is a CLI tool that can be used to scan any container-based images in the command line or in CI/CD pipelines.

Get started

Build the CLI binary

To Linux:

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
  go build  \
   -tags="containers_image_openpgp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs" \
   -ldflags "-X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.version=${version}' \
             -X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.buildDate=${build_date}'" \
   main.go

To MacOS:

CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 \
  go build  \
   -tags="containers_image_openpgp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs" \
   -ldflags "-X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.version=${version}' \
             -X 'github.com/vmware/carbon-black-cloud-container-cli/internal/version.buildDate=${build_date}'" \
   main.go

CLI binary reference

The detailed usage of cbctl can be found here: Carbon Black Container CLI

Package usage

We exposed bom generation and scan image functions for convenient image scanning process, you can follow the following steps to get started:

Import the package

$ go get -u github.com/vmware/carbon-black-cloud-container-cli

How to take use of CLI packages?

  1. Create a pair of API ID & Key with workloads.container.image (CREATE and READ permissions) access level in Carbon Black Cloud console
  2. Create a RegistryHandler for generating Software Bill of Materials (SBOM) from user's input:
    1. Create RegistryHandler: registryHandler := scan.NewRegistryHandler()
    2. Get the SBOM (options can be checked below): sbom, err := registryHandler.Generate(input, scan.Option)
  3. Create a ScanHandler for scanning vulnerabilities from SBOM:
    1. Create ScanHandler: scanHandler := scan.NewScanHandler(<CBC_saasURL>, <CBC_orgKey>, <apiID>, <apiKey>, <sbom>);
    2. Scan the SBOM (options can be checked below): scannedImage, err := scanHandler.Scan(scan.Option)

Scan options

Option Name Type Description
ForceScan bool Force scan an image no matter it is scanned or not
Credential string The auth string used for login to registry, format: USERNAME[:PASSWORD]
FullTag string The tag set to override in the image
UseDockerDaemon bool Use docker daemon to pull the image
ShouldCleanup bool Delete the docker image pulled by docker (should only be used when UserDockerDaemon is true)
Timeout int The duration (second) for the scan

Contributing

Please follow CONTRIBUTING.md

License

Apache-2.0

carbon-black-cloud-container-cli's People

Contributors

dependabot[bot] avatar gsalhov avatar penghez avatar shoraniy avatar yonatan-shorani avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

penghez aliaksei-karneyeu openx armbiant isabella232 seanpm2001

carbon-black-cloud-container-cli's Issues

Allow pipeline to be failed in case of any or particular vulnerabilities found

Is your feature request related to a problem? Please describe.

Hey guys, thank you for great product.
Right now in pipeline when image scanned after builded carbon black only shows table with vulnerabilities.

Describe the solution you'd like

Would be nice carbon black to fail pipeline if any vulnerabilities found, or only CRITICAL. Same as other linters do, as example golangci-lint

Describe alternatives you've considered

No response

Additional context

No response

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.