hansel

module
v0.0.15 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 14, 2025 License: MIT

README

Hansel

OpenSSF Scorecard Badge

Hansel generates empty linux packages. These packages can be installed to track dependencies manually added to a container image.

Usage example

Usage

You can add hansel to an image, and generate + install tracking packages for dependencies in a single step:

FROM node:18-alpine

COPY --from=ghcr.io/shopify/hansel:latest /usr/bin/hansel /usr/bin/hansel
RUN hansel --name node --version "$(node -v | sed -e's/^v//g')" --install

You can use hansel in a multistep build to generate and install separately:

FROM ghcr.io/shopify/hansel:latest AS crumbs
RUN hansel --name rando-thing --version 1.2.3 --debian

FROM debian:bullseye
RUN curl -o /usr/bin/rando-thing https://rando.thing/v1.2.3/unsigned-blob-yolo
COPY --from=crumbs /rando-thing*.deb /tmp/rando-thing.deb
RUN dpkg -i /tmp/rando-thing.deb && \
    rm /tmp/rando-thing.deb

The name is inspired by Hansel and Gretel, as the packages are breadcrumbs left for container scanners to identify.

Directories

Path Synopsis
cmd
hansel command
internal
cli

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.