search

anchore / ci-tools

Contains scripts for running anchore engine in CI pipelines
Apache License 2.0
34 stars 33 forks source link

Multiple containers won't scan #18

Closed dmichelin closed 4 years ago

dmichelin commented 5 years ago

curl -s https://raw.githubusercontent.com/anchore/ci-tools/master/scripts/inline_scan | bash -s -- -t 35000 -p -r alpine:latest ubuntu:latest centos:latest

gives the following output

Pulling image -- alpine:latest ubuntu:latest centos:latest
"docker pull" requires exactly 1 argument.
See 'docker pull --help'.

Usage:  docker pull [OPTIONS] NAME[:TAG|@DIGEST]

Pull an image or a repository from a registry

WARNING - Please pull remote image, or build/tag all local images before attempting analysis again

        ERROR - no local docker images specified in script input: bash alpine:latest ubuntu:latest centos:latest

Anchore Engine Inline Scanner/Analyzer --

  Wrapper script for performing vulnerability scan or image analysis on local docker images, utilizing the Anchore Engine inline_scan container.
  For more detailed usage instructions use the -h option after specifying scan or analyze.

    Usage: bash <scan|analyze> [ OPTIONS ]

This has broken a couple of our CI scans. I'm assuming I'm using the script correctly?

Btodhunter commented 5 years ago

Hey @dmichelin - we're working on a pretty major feature addition to the inline_scan, so master isn't actually stable at the moment. I will make sure I fix the inline_scan so that multiple images still work when we release this new version.

For now (and in general for your CI pipelines) I recommend using our version locked inline_scan scripts @ ci-tools.anchore.io/inline_scan-v0.4.1

ie curl -s https://ci-tools.anchore.io/inline_scan-v0.4.1 | bash -s -- -t 35000 -p -r alpine:latest ubuntu:latest centos:latest

dmichelin commented 5 years ago

@Btodhunter Cool, thanks for the update, workaround, and quick response.