index-cli-plugin

module

v0.0.35 Latest Latest Go to latest Published: Mar 11, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Note: This repository is not an officially supported Docker project.

Docker CLI tool to create image SBOMs as well as analyze packages for known vulnerabilities using the Atomist data plane.

You can install manually by following these steps:

To create an SBOM for a local or remote image, run the following command:

$ docker-index sbom --image <IMAGE>

--image <IMAGE> can either be a local image id or fully qualified image name from a remote registry
--oci-dir <DIR> can point to a local image in OCI directory format
--output <OUTPUT FILE> allows to store the generated SBOM in a local file
--include-cves will include all detected CVEs in generated output

To detect base images for local or remote images, use the following command:

$ docker-index cve --image <IMAGE> CVE_ID

--image <IMAGE> can either be a local image id or fully qualified image name from a remote registry
--oci-dir <DIR> can point to a local image in OCI directory format
--remediate include suggested remediation in the output
CVE_ID can be any known CVE id

Path	Synopsis
cmd
docker-index
commands
format
internal Package internal contains all build time metadata (version, build time, git commit, etc).	Package internal contains all build time metadata (version, build time, git commit, etc).
ddhttp
lsp
query
registry
sbom
detect
util
types