Support remote registries
Use case: I am planning to deploy a container to production. I wish to scan this container for IOCs beforehand.
Workaround: I can pull the container from its remote location, and then scan the local copy:
docker pull node:10.19
docker run -it --rm --name=deepfence-ioc-scanner \
-v /var/run/docker.sock:/var/run/docker.sock \
deepfenceio/deepfence-ioc-scanner:latest -image-name node:10.19
docker rmi node:10.19
I would like to be able to scan the image directly:
docker run -it --rm --name=deepfence-ioc-scanner \
-v /var/run/docker.sock:/var/run/docker.sock \
deepfenceio/deepfence-ioc-scanner:latest -image-name node:10.19
... and for the scanner to pull and delete the image automatically.
Hey, I would love to work on this issue under Hacktoberfest. How can I get started?
Sure, I'll assign this to you.
The idea is to pull the image if it is not available locally, and to remove it after scanning.
@ibreakthecloud Thank you. Can you explain the issue more and also provide resources for it?
Right now, if you see, we do a docker pull of the image and then run a scan on it; refer to this: https://github.com/deepfence/YaraHunter#example-finding-indicators-of-compromise-in-a-container-image
But if we run a scan and the image is not present locally, the scan will fail. For example, if we run
docker run -it --rm --name=deepfence-yarahunter \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp:/home/deepfence/output \
deepfenceio/yara-hunter:latest --image-name metal3d/xmrig:latest \
--json-filename=xmrig-scan.json
without pulling metal3d/xmrig:latest, the scan will fail since the image is not present locally.
In an ideal world, adding an if condition, something like
if imagePresent == false {
	// pull and remove once done
}
before this line would work
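The pull-if-missing, scan, then remove flow sketched in the comment above, as an added Go example that is not YaraHunter's code and not part of the thread. `Runtime`, `ScanWithAutoPull` and `DockerCLI` are hypothetical names, the scan step in `main` is a placeholder, and the image is removed only when this call was the one that pulled it, so an image already on the host is left alone.

```go
package main

import (
	"fmt"
	"os/exec"
)

// Runtime is a hypothetical seam over the container runtime, so the logic runs without a daemon in tests.
type Runtime struct {
	Present      func(image string) (bool, error)
	Pull, Remove func(image string) error
}

// ScanWithAutoPull pulls image only if missing, scans it, and removes it only if this call pulled it.
func ScanWithAutoPull(rt Runtime, image string, scan func(string) error) (err error) {
	present, err := rt.Present(image)
	if err != nil {
		return fmt.Errorf("check %s: %w", image, err)
	}
	if !present {
		if err = rt.Pull(image); err != nil {
			return fmt.Errorf("pull %s: %w", image, err)
		}
		// Deferred so cleanup happens even when the scan fails; skipped for pre-existing images.
		defer func() {
			if rmErr := rt.Remove(image); rmErr != nil && err == nil {
				err = fmt.Errorf("remove %s: %w", image, rmErr)
			}
		}()
	}
	return scan(image)
}

// DockerCLI backs Runtime with the docker CLI. Any inspect failure counts as
// "not present"; a daemon problem then surfaces as an error from Pull.
func DockerCLI() Runtime {
	run := func(args ...string) error { return exec.Command("docker", args...).Run() }
	return Runtime{
		Present: func(i string) (bool, error) { return run("image", "inspect", i) == nil, nil },
		Pull:    func(i string) error { return run("pull", i) },
		Remove:  func(i string) error { return run("rmi", i) },
	}
}

func main() {
	scan := func(image string) error { fmt.Println("scanning", image); return nil } // placeholder scan step (assumption)
	if err := ScanWithAutoPull(DockerCLI(), "node:10.19", scan); err != nil {
		fmt.Println("error:", err)
	}
}
```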
@ibreakthecloud Hi, has this issue been solved yet?