SecretScanner http server post format

deepfence / SecretScanner

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

https://deepfence.io

MIT License

3.12k stars 321 forks source link

SecretScanner http server post format #57

Open Ethonwu opened 2 years ago

Ethonwu commented 2 years ago

Hello, I run SecretScanner as a http server. But I do not know how to use curl command to POST data to http server. This is my example:

curl -X POST http://0.0.0.0:8080/secret-scan -d '{"image_name_with_tag_list": ["<my_image_name:tag>"]}' -H 'Content-Type: application/json'

And output is:

{"error":"Image Name with tag list is required "}

I have trace code, and in http.go file, I found the runSecretScan func in line 49. But I always POST fail to http server, what is POST data format?

saurabh2253 commented 2 years ago

Hi @Ethonwu Thank you for trying SecretScanner, currently the SecretScanner http server is written for the use with ThreatMapper only. We will get back to you with a generic http service.

Ethonwu commented 2 years ago

Thank you, i find this api server mode input para is depend on registry_image_save.py options. I am researching this python code, if I have some research result such as: find some POST data pattern, I will try to update this info on README

ibreakthecloud commented 2 years ago

Hi @Ethonwu, the feature to run SecretScanner as a independent HTTP server mode has been added. Please refer to this PR: https://github.com/deepfence/SecretScanner/pull/67 I'll update the README with this. thanks

ibreakthecloud commented 2 years ago

TODO:

[ ] Update Readme with standalone mode