Command line tool to interact with Clair
Project description
claircli
claircli is a command line tool to interact with CoreOS Clair
- analyze loacl/remote docker image with Clair
- generate HTML/JSON report, the html report template is from analysis-template.html
Installation
pip install claircli
Commands
claircli -h
usage: claircli [-h] [-V] [-c CLAIR] [-w WHITE_LIST] [-T THRESHOLD]
[-f {html,json}] [-L LOG_FILE] [-d] [-l LOCAL_IP | -r]
images [images ...]
Command line tool to interact with CoreOS Clair, analyze docker image with
clair in different ways
positional arguments:
images docker images or regular expression
optional arguments:
-h, --help show this help message and exit
-V, --version show program's version number and exit
-c CLAIR, --clair CLAIR
clair url, default: http://localhost:6060
-w WHITE_LIST, --white-list WHITE_LIST
path to the whitelist file
-T THRESHOLD, --threshold THRESHOLD
cvd severity threshold, if any servity of
vulnerability above of threshold, will return non-
zero, default: Unknown, choices are: ['Defcon1',
'Critical', 'High', 'Medium', 'Low', 'Negligible',
'Unknown']
-f {html,json}, --formats {html,json}
output report file with give format, default: ['html']
-L LOG_FILE, --log-file LOG_FILE
save log to file
-d, --debug print more logs
-l LOCAL_IP, --local-ip LOCAL_IP
ip address of local host
-r, --regex if set, repository and tag of images will be treated
as regular expression
Examples:
# analyze and output report to html
# clair is running at http://localhost:6060
claircli example.reg.com/myimage1:latest example.reg.com/myimage2:latest
# analyze and output report to html
# clair is running at https://example.clair.com:6060
claircli -c https://example.clair.com:6060 example.reg.com/myimage1:latest
# analyze and output report to html, json
claircli -f html -f json example.reg.com/myimage1:latest
# analyze with threshold and white list
claircli -t High -w white_list_file.yml example.reg.com/myimage1:latest
# analyze image on local host
claircli -l <local ip address> myimage1:latest myimage2:latest
# analyze image on other host foo
export DOCKER_HOST=tcp://<ip of foo>:<port of docker listen>
claircli -l <local ip address> myimage1:latest
# analyze with regular expression, following will match
# example.reg.com/myimage1:latest
# and example.reg.com/myimage2:latest
claircli -r example.reg.com/myimage:latest
# analyze with regular expression, following will match
# example.reg.com/myimage1:latest only
claircli -r example.reg.com/^myimage1$:^latest$
Optional whitelist yaml file
This is an example yaml file. You can have an empty file or a mix with only common
or <distribution>
.
common:
CVE-2017-6055: XML
CVE-2017-5586: OpenText
ubuntu:
CVE-2017-5230: XSX
CVE-2017-5586: OpenText
alpine:
CVE-2017-3261: SE
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
claircli-1.0.tar.gz
(13.6 kB
view hashes)
Built Distributions
claircli-1.0-py3-none-any.whl
(19.4 kB
view hashes)
claircli-1.0-py2-none-any.whl
(19.4 kB
view hashes)