Command line tools for container quality assurance

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for vsochat from gravatar.com vsochat

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU Affero General Public License v3 or later (AGPLv3+) (LICENSE)

Author: Vanessa Sochat

Tags singularity, container, tools

Classifiers

Project description

# Singularity Container Tools

These are tools for Singularity containers, optimized for using with continuous integration for security and quality checks. Right now the package is under development, and these general notes are provided for refernece.

In this work we will use [Clair OS](https://github.com/coreos/clair) combined with Continuous Integration (travis and circle) to scan [Singularity](https://singularityware.github.io) containers for security vulnerabilities.

## Background Clair is intended to run as a server to continuous scan Docker layers for vulnerabilities. This doesn’t map well to the research domain because of the following:

  • Docker containers come in layers (.tar.gz files) while Singularity images are single binary files that don’t “plug in” nicely to Clair.

  • Most researchers can’t support continuous running of such a service.

On the other hand, a typical researcher does use services like [TravisCI](https://travis-ci.org) and [CircleCI](https://circle-ci.org) to run their code bases against tests. Since these services now offer running containers and other service-type things, we in fact could do the following:

  • Spin up a Clair server during testing

  • Build a Singularity image, and scan the filesystem contents (before finalized in the image).

While this isn’t a continually running service, we can minimally ensure that a container is scanned each time it is built (and then likely merged to be used in production). If the user takes advantage of [Singularity Hub](https://www.singularity-hub.org) or [Singularity Registry Server](https://singularityhub.github.io/sregistry) the image will be pushed or built for production after passing these various tests.

This experiment is based on early discussion in [this thread](https://github.com/singularityhub/sregistry/issues/14).

## Basic Usage

Install

`bash pip install stools `

Start the Clair Server (you need Docker installed)

`bash ./start-clair `

Scan local images

`bash sclair vsoch-hello-world.simg `

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for vsochat from gravatar.com vsochat

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU Affero General Public License v3 or later (AGPLv3+) (LICENSE)

Author: Vanessa Sochat

Tags singularity, container, tools

Classifiers

Release history Release notifications | RSS feed

0.0.13

0.0.12

0.0.1

This version

0.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

stools-0.0.0.tar.gz (3.4 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page