Command line tool to interact with Clair

Project description

claircli

claircli is a command line tool to interact with Quay Clair. It provides the following functionality:

  • analyze docker images on the local host
  • analyze docker images on a remote host
  • analyze docker images in a secure/insecure registry
  • support a threshold/whitelist for vulnerabilities
  • support fat manifests
  • report to HTML/JSON; the HTML report is generated from a template

Installation

python3 -m pip install claircli

Commands

claircli -h
usage: claircli [-h] [-c CLAIR] [-f {html,json}] [-T THRESHOLD]
                [-w WHITE_LIST] [-l LOCAL_IP | -r] [-i REGISTRY] [-L LOG_FILE]
                [-d] [-V]
                IMAGE [IMAGE ...]

Command line tool to interact with Quay Clair to analyze docker image in different ways

positional arguments:
  IMAGE                 docker images or regular expression

optional arguments:
  -h, --help            show this help message and exit
  -c CLAIR, --clair CLAIR
                        clair url, default: http://localhost:6060
  -f {html,json}, --formats {html,json}
                        output report file with give format, default: ['html']
  -T THRESHOLD, --threshold THRESHOLD
                        cvd severity threshold, if any servity of
                        vulnerability above of threshold, will return non-
                        zero, default: Unknown, choices are: ['Defcon1',
                        'Critical', 'High', 'Medium', 'Low', 'Negligible',
                        'Unknown']
  -w WHITE_LIST, --white-list WHITE_LIST
                        path to the whitelist file
  -l LOCAL_IP, --local-ip LOCAL_IP
                        ip address of local host
  -r, --regex           if set, repository and tag of images will be treated
                        as regular expression
  -i REGISTRY, --insecure-registry REGISTRY
                        domain of insecure registry
  -k REGISTRY:TOKEN, --registry-token REGISTRY:TOKEN
                        uses the token for login to the given Docker registry
  -L LOG_FILE, --log-file LOG_FILE
                        save log to file
  -d, --debug           print more logs
  -V, --version         show program's version number and exit

Examples:

    # analyze and output report to html
    # clair is running at http://localhost:6060
    claircli example.reg.com/myimage1:latest example.reg.com/myimage2:latest

    # analyze image in insecure registry
    # clair is running at http://localhost:6060
    claircli -i example.reg.com example.reg.com/myimage1:latest

    # analyze and output report to html
    # clair is running at https://example.clair.com:6060
    claircli -c https://example.clair.com:6060 example.reg.com/myimage1:latest

    # analyze and output report to html, json
    claircli -f html -f json example.reg.com/myimage1:latest

    # analyze with threshold and white list
    claircli -T High -w white_list_file.yml example.reg.com/myimage1:latest

    # analyze image on local host
    claircli -l <local ip address> myimage1:latest myimage2:latest

    # analyze image on other host foo
    export DOCKER_HOST=tcp://<ip of foo>:<port of docker listen>
    claircli -l <local ip address> myimage1:latest

    # analyze with regular expression, following will match
    # example.reg.com/myimage1:latest
    # and example.reg.com/myimage2:latest
    claircli -r example.reg.com/myimage:latest

    # analyze with regular expression, following will match
    # example.reg.com/myimage1:latest only
    claircli -r example.reg.com/^myimage1$:^latest$

    # analyze an image stored in an Amazon ECR repository
    # This uses the registry token generated by the aws cli tool
    # note: the token is passed as an argument, so it is visible in the process list while claircli runs
    claircli -k 123456789012.dkr.ecr.us-east-1.amazonaws.com:$( aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' ) 123456789012.dkr.ecr.us-east-1.amazonaws.com/myimage:latest

Optional whitelist yaml file

This is an example YAML file. The file can be empty, or contain only a common section, only <distribution> sections, or a mix of both.

common:
  CVE-2017-6055: XML
  CVE-2017-5586: OpenText
ubuntu:
  CVE-2017-5230: XSX
  CVE-2017-5586: OpenText
alpine:
  CVE-2017-3261: SE
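
How the threshold and the whitelist combine into a pass/fail decision, as an added example that is not claircli's own code. It assumes that common entries apply to every image, that a distribution section applies only to images of that distribution, and that the threshold is inclusive; the function names, the namespace format and the sample findings are hypothetical.

```python
# Added illustration; not claircli's source code.
# Severity order copied from the -T help text, most severe first.
SEVERITIES = ["Defcon1", "Critical", "High", "Medium",
              "Low", "Negligible", "Unknown"]

# The whitelist shown above, as a YAML loader would return it.
WHITELIST = {
    "common": {"CVE-2017-6055": "XML", "CVE-2017-5586": "OpenText"},
    "ubuntu": {"CVE-2017-5230": "XSX", "CVE-2017-5586": "OpenText"},
    "alpine": {"CVE-2017-3261": "SE"},
}

# Constructed findings: severities, namespaces and CVE-0000-* ids are made up.
FINDINGS = [
    {"cve": "CVE-2017-5586", "severity": "High", "namespace": "ubuntu:16.04"},
    {"cve": "CVE-2017-5230", "severity": "Critical", "namespace": "alpine:v3.6"},
    {"cve": "CVE-2017-3261", "severity": "Medium", "namespace": "alpine:v3.6"},
    {"cve": "CVE-0000-0001", "severity": "Low", "namespace": "ubuntu:16.04"},
    {"cve": "CVE-0000-0002", "severity": "High", "namespace": "ubuntu:16.04"},
]


def approved_for(whitelist, namespace):
    """CVEs accepted for one image: 'common' plus its distribution section."""
    distro = namespace.split(":", 1)[0]   # assumed form "<distribution>:<release>"
    sections = whitelist or {}            # an empty YAML file loads as None
    return set(sections.get("common") or {}) | set(sections.get(distro) or {})


def blocking(findings, whitelist, threshold="Unknown"):
    """Findings that are not whitelisted and reach the threshold (inclusive)."""
    limit = SEVERITIES.index(threshold)
    return [f for f in findings
            if f["cve"] not in approved_for(whitelist, f["namespace"])
            and SEVERITIES.index(f["severity"]) <= limit]


def redundant(whitelist):
    """Distribution entries that 'common' already covers."""
    common = set((whitelist or {}).get("common") or {})
    return {name: sorted(common & set(entries or {}))
            for name, entries in (whitelist or {}).items()
            if name != "common" and common & set(entries or {})}


if __name__ == "__main__":
    for f in blocking(FINDINGS, WHITELIST, "High"):
        print("blocks the build:", f["cve"], f["severity"], f["namespace"])
    print("already in common:", redundant(WHITELIST))
```

Under these assumptions the ubuntu entry for CVE-2017-5586 is redundant with common, and CVE-2017-5230 is accepted for ubuntu images only, so it still blocks an alpine image.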

Download files

Source Distribution

claircli-1.3.tar.gz (19.5 kB)

Uploaded Source

Built Distribution

claircli-1.3-py3-none-any.whl (20.7 kB)

Uploaded Python 3

File details

Details for the file claircli-1.3.tar.gz.

File metadata

  • Download URL: claircli-1.3.tar.gz
  • Size: 19.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.4.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.9.5

File hashes

Hashes for claircli-1.3.tar.gz
Algorithm Hash digest
SHA256 4f2066775927a2b046bce1b907879e0a9a40640cfded274932dba47ced524ef4
MD5 795b9f190b3b046090a4ba1456862b21
BLAKE2b-256 05d485c3dda8d2987e7fce920d7cef05350059afa26cbf21baccdeadd0234fa4

File details

Details for the file claircli-1.3-py3-none-any.whl.

File metadata

  • Download URL: claircli-1.3-py3-none-any.whl
  • Size: 20.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.4.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.9.5

File hashes

Hashes for claircli-1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 c214830ee241ba86f2ec1639fb8e3fc4ee25969d484b3ec3a7327fa34df6d3a7
MD5 aa2ddf00167ef34d2baa70a41642addd
BLAKE2b-256 b733f4fdd81bab9c5e13a4965ed041a9a0f69e0e5471ea2d13a2c69a1d7b627b
