Container image for Sysdig CLI Scanner.
Mounting the /cache
directory is optional, whether it has been done make sure it is writable by the user with id/gid 1000/1000
.
Variable | Description | Optional |
---|---|---|
SECURE_API_TOKEN | Secret containing the API-Token | |
SYSDIG_SECURE_ENDPOINT | Sysdig Secure Endpoint | |
IMAGE_NAME | Name of the image to be scanned | |
OPTIONS | Command line parameters | ✅ |
Default values are:
--apiurl ${SYSDIG_SECURE_ENDPOINT}
--console-log
--dbpath=/cache/db/
--cachepath=/cache/scanner-cache/
${OPTIONS:- --skipupload --full-vulns-table --detailed-policies-eval}
${IMAGE_NAME}
docker run --rm -it \
-v ${TMPDIR:-/tmp}:/cache
-e SECURE_API_TOKEN=$SECURE_API_TOKEN \
-e SYSDIG_SECURE_ENDPOINT=<sysdig-api-url> \
-e IMAGE_NAME=<image-name> \
-e OPTIONS="--skipupload" \
ghcr.io/filippobuletto/sysdig-cli-scanner
or you can inline the command line parameters
docker run --rm -it \
-v ${TMPDIR:-/tmp}:/cache
-e SECURE_API_TOKEN=$SECURE_API_TOKEN \
ghcr.io/filippobuletto/sysdig-cli-scanner \
--apiurl <sysdig-api-url> \
--console-log \
--dbpath=/cache/db/ \
--cachepath=/cache/scanner-cache/ \
--skipupload \
<image-name>
You can also mount the docker/podman/containerd socket for local scanning.
I am not affiliated, associated, authorized, endorsed by, or in any way officially connected with sysdig.com, Inc., or any of its subsidiaries or its affiliates. The official sysdig.com, Inc. website can be found at https://sysdig.com.