search

timfeirg / lain-cli

DevOps with minimum effort.
https://lain-cli.readthedocs.io/en/latest/
MIT License
31 stars 9 forks source link

[lain image] introduce command #5

Closed timfeirg closed 2 years ago

timfeirg commented 2 years ago

去掉了无用的 lain meta, 改为 lain image, 这样一来就可以用类似 docker scan $(lain image) 来做镜像扫描了, clair 或许也一样.

cc @hongqn

hongqn commented 2 years ago

看了下 docker scan 只能在 Docker Desktop 上用,且有 scan 次数限制,似乎没法在 CI 上集成。看看 clair 怎么做

timfeirg commented 2 years ago

docker scan 可以在 ubuntu server 上使用, 但需要安装 docker-scan-plugin. 大量 docker 的周边功能都是插件来完成的.

国内安装可以直接:

# 在 server 上执行, 直接能帮忙安装好 docker-scan-plugin
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

clair 我粗看了下, 注意到这玩意需要自行部署 server 端, 部署上不如 docker scan 或者 trivy 方便.

docker scan 在匿名使用下有次数限制, 但登陆以后似乎就好了:

Without any further configuration, you can execute ten (10) scans per month using docker scan and Snyk. Once you reach this limit, you have to login with a Snyk account, to continue scanning Docker images locally.

@hongqn

timfeirg commented 2 years ago

如果要实现 lain scan, 并且功能上仅仅是对 clair / trivy / docker scan 做了封装, 那其实倒不如直接调用这些三方流程, 传参还方便些(做这种事情, 经常要输出报告, 或者给 repo readme 做 badge 啥的, 能自由传参肯定更好).

这些三方工具到最后使用的时候, 基本上都是 [cli] [scan|image] [image-name] 的形式, lain 就先不做这种简单 wrap 的事情了, 对易用性其实没多少提升.

hongqn commented 2 years ago

感谢。

docker scan 用 Snyk 登录后,每月的 scan 次数为 200 次,虽然一般够用,但感觉你提到的 trivy 可能更合适(似乎不受限,且调用方便)。

考虑到 trivy 还有 GitLab CI 集成示例 ,打算在 lain image 的基础上来配置下看看。

无论是否用于安全扫描, lain image 看起来都是一个有用的命令。

codecov-commenter commented 2 years ago

Codecov Report

Merging #5 (f7bbbe3) into master (a7fe340) will increase coverage by 0.12%. The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master       #5      +/-   ##
==========================================
+ Coverage   57.14%   57.27%   +0.12%     
==========================================
  Files          14       14              
  Lines        3701     3705       +4     
==========================================
+ Hits         2115     2122       +7     
+ Misses       1586     1583       -3
Impacted Files Coverage Δ
lain_cli/utils.py 71.65% <ø> (+0.16%) :arrow_up:
lain_cli/__init__.py 100.00% <100.00%> (ø)
lain_cli/lain.py 54.37% <100.00%> (+0.16%) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a7fe340...f7bbbe3. Read the comment docs.