
Command line tools for container quality assurance

Project description

# Singularity Container Tools

These are tools for Singularity containers, optimized for use with continuous integration for security and quality checks. Right now the package is under development, and these general notes are provided for reference.

In this work we will use [Clair OS](https://github.com/coreos/clair) combined with Continuous Integration (Travis and Circle) to scan [Singularity](https://singularityware.github.io) containers for security vulnerabilities.

## Background

Clair is intended to run as a server to continuously scan Docker layers for vulnerabilities. This doesn’t map well to the research domain because of the following:

  • Docker containers come in layers (.tar.gz files) while Singularity images are single binary files that don’t “plug in” nicely to Clair.

  • Most researchers can’t support continuous running of such a service.

On the other hand, a typical researcher does use services like [TravisCI](https://travis-ci.org) and [CircleCI](https://circle-ci.org) to run their code bases against tests. Since these services now offer running containers and other service-type things, we in fact could do the following:

  • Spin up a Clair server during testing

  • Build a Singularity image, and scan the filesystem contents (before they are finalized in the image).

While this isn’t a continually running service, we can minimally ensure that a container is scanned each time it is built (and then likely merged to be used in production). If the user takes advantage of [Singularity Hub](https://www.singularity-hub.org) or [Singularity Registry Server](https://singularityhub.github.io/sregistry) the image will be pushed or built for production after passing these various tests.

This experiment is based on early discussion in [this thread](https://github.com/singularityhub/sregistry/issues/14).
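One way the "scan the filesystem contents" step above could be wired into a CI job, as an added example that is not stools' own code. It assumes Clair's v1 REST API (`POST /v1/layers`, then `GET /v1/layers/<name>?features&vulnerabilities`) and an already-extracted image filesystem; the function names and the sample report are constructed for illustration.

```python
import json
import tarfile

# Clair's severity scale, lowest to highest.
SEVERITIES = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]

# Constructed sample of a Clair v1 layer report; ids are placeholders, not real CVEs.
SAMPLE_REPORT = {"Layer": {"Name": "hello-world", "Features": [
    {"Name": "openssl", "Version": "1.0.0-constructed", "Vulnerabilities": [
        {"Name": "CVE-0000-0001", "Severity": "High"},
        {"Name": "CVE-0000-0002", "Severity": "Low"}]},
    {"Name": "bash", "Version": "4.0-constructed", "Vulnerabilities": [
        {"Name": "CVE-0000-0003", "Severity": "Medium"}]},
    {"Name": "zlib", "Version": "1.0-constructed"},  # no known vulnerabilities
]}}


def export_layer(rootfs_dir, tar_path):
    """Pack an extracted image filesystem into one .tar.gz, i.e. a single 'layer'."""
    with tarfile.open(tar_path, "w:gz") as tar:
        tar.add(rootfs_dir, arcname=".")
    return tar_path


def layer_request(name, path):
    """JSON body for POST /v1/layers; path is a URL or file path Clair can read."""
    return json.dumps({"Layer": {"Name": name, "Path": path, "Format": "Docker"}})


def findings(report, fail_on="High"):
    """Return (feature, version, vulnerability, severity) rows at or above fail_on."""
    threshold = SEVERITIES.index(fail_on)
    rows = []
    for feature in report.get("Layer", {}).get("Features", []):
        for vuln in feature.get("Vulnerabilities", []):
            severity = vuln.get("Severity", "Unknown")
            if severity not in SEVERITIES:
                severity = "Unknown"  # never drop a finding over an odd label
            if SEVERITIES.index(severity) >= threshold:
                rows.append((feature["Name"], feature["Version"], vuln["Name"], severity))
    return rows


if __name__ == "__main__":
    blocking = findings(SAMPLE_REPORT, fail_on="High")
    for row in blocking:
        print("%s %s: %s (%s)" % row)
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails the CI build
```

The non-zero exit status is what makes the CI service mark the build as failed, so an image with blocking findings is never pushed on to a registry.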

## Basic Usage

Install

```bash
pip install stools
```

Start the Clair Server (you need Docker installed)

```bash
./start-clair
```

Scan local images

```bash
sclair vsoch-hello-world.simg
```


Source Distribution

stools-0.0.0.tar.gz (3.4 kB)

  • Uploaded using Trusted Publishing? No

File hashes

Hashes for stools-0.0.0.tar.gz

| Algorithm | Hash digest |
|---|---|
| SHA256 | ba0e05b1579efea35da9187a49c599e5838e1e11c396d12482cef15036befa7a |
| MD5 | 9ecd34e68bcdf52a562bffaa6558273a |
| BLAKE2b-256 | 1c47fc409f73775ac00ab9c8e23f6a1e9a54a33505e0a6b49a6c6a36ab4a5ec0 |
