README
¶
libVeinMind: 问脉容器安全 SDK
容器安全见筋脉,望闻问切治病害。
问脉 (TM) SDK 提供了容器安全领域所关心的容器、镜像和运行时等对象的信息获取、镜像内容器访问等相关操作。并进行合理的抽象以提高容器安全工具对 Docker、Containerd 和 Kubernetes 等不同容器产品的兼容性,简化容器安全工具的开发和维护。
问脉 SDK 是问脉 (TM) 容器安全开源工具箱编译和运行所需的依赖,您也可以基于问脉 SDK 开发符合自己需求的容器安全工具。
问脉 SDK 中的接口部分在本仓库中进行了开源,实现部分采取免费闭源的方式提供给用户。
快速开始
一般情况下,应用应以平行容器的方式发布和部署,用户无需额外安装依赖。如何以平行容器方式构建与发布应用,详见平行容器说明文档。
若应用只支持本地运行,或需要搭建本地环境进行开发,则需要先安装对应平台下的问脉 SDK 软件包。
软件安装包元信息中包含问脉 SDK 的相关许可协议,在开发和使用时请遵守许可协议。当您下载并安装 SDK 软件包后即视为您已同意问脉 SDK 使用协议。
在 Ubuntu 和 Debian 平台下,添加问脉 SDK 的 APT 仓库即可安装所需软件包:
echo 'deb [trusted=yes] https://download.veinmind.tech/libveinmind/apt/ ./' | sudo tee /etc/apt/sources.list.d/libveinmind.list
sudo apt-get update
sudo apt-get install libveinmind-dev
在 RedHat 和 CentOS 平台下,添加问脉 SDK 的 yum 仓库即可安装所需软件包:
sudo cat > /etc/yum.repos.d/libveinmind.repo << ==EOF==
[libveinmind]
name=libVeinMind SDK yum repository
baseurl=https://download.veinmind.tech/libveinmind/yum/
enabled=1
gpgcheck=0
==EOF==
sudo yum install libveinmind-devel
开发指南
联系我们
-
您可以通过 GitHub Issue 直接进行 Bug 反馈和功能建议。
-
您扫描下方二维码可以通过添加问脉小助手,以加入问脉用户讨论群进行详细讨论:
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api defines the API outline for working with different container runtimes.
|
Package api defines the API outline for working with different container runtimes. |
|
cmd
Package cmd defines the concrete protocol between host and plugins based on libVeinMind plugin system.
|
Package cmd defines the concrete protocol between host and plugins based on libVeinMind plugin system. |
|
containerd
Package containerd is the API implementation on containerd.
|
Package containerd is the API implementation on containerd. |
|
docker
Package docker is the API implementation on docker.
|
Package docker is the API implementation on docker. |
|
kubernetes
Package kubernetes is the API implementation on kubernetes.
|
Package kubernetes is the API implementation on kubernetes. |
|
pkg/behaviour
Package behaviour implements some common binding based interfaces by their behaviours, so that real entities can conveniently aggregate these behaviour into them.
|
Package behaviour implements some common binding based interfaces by their behaviours, so that real entities can conveniently aggregate these behaviour into them. |
|
pkg/binding
Package binding is the actual package binding part that requires the libveinmind library through pkg-config, and and attempt to reconstruct the API interface from it.
|
Package binding is the actual package binding part that requires the libveinmind library through pkg-config, and and attempt to reconstruct the API interface from it. |
|
pkg/pflagext
Package pflagext is the extension of pflag which is part of the cobra framework.
|
Package pflagext is the extension of pflag which is part of the cobra framework. |
|
pkg/vfs
Package vfs provides a file system adapted to the veinmind parallel container mode
|
Package vfs provides a file system adapted to the veinmind parallel container mode |
|
plugin
Package plugin defines the plugin system built in with the libveinmind SDK, allowing easy integration and composition of hosts and plugins.
|
Package plugin defines the plugin system built in with the libveinmind SDK, allowing easy integration and composition of hosts and plugins. |
|
plugin/log
Package plugin/log provides a common log system that is based on the plugin/service.
|
Package plugin/log provides a common log system that is based on the plugin/service. |
|
plugin/service
Package plugin/service provides a common way for host and plugins to communicate in a IPC-like way.
|
Package plugin/service provides a common way for host and plugins to communicate in a IPC-like way. |
|
plugin/specflags
Package specflags provides the flag for specifying plugin specific flags, so that extra arguments might be passed to the matched plugin.
|
Package specflags provides the flag for specifying plugin specific flags, so that extra arguments might be passed to the matched plugin. |
|
remote
Package remote is the API implementation on remote format image.
|
Package remote is the API implementation on remote format image. |
|
tarball
Package tarball is the API implementation on tarball format image.
|
Package tarball is the API implementation on tarball format image. |
Click to show internal directories.
Click to hide internal directories.