@zhill
zhill / gist:0adba9905dd212c7c6f9935497df74fc
Last active October 12, 2020 23:26
Updated default Anchore Scan Action example workflow
# This workflow checks out code, builds an image, performs a container image
# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
# code scanning feature. For more information on the Anchore scan action usage
# and parameters, see https://github.com/anchore/scan-action. For more
# information on Anchore's container image scanning tool Grype, see
# https://github.com/anchore/grype
name: Anchore Container Scan
on: push
jobs:
  Anchore-Build-Scan:
zhill / gist:eada818e705ebb7584c3884fce8a463b
Created November 23, 2016 20:51
Anchore 'toolbox unpack' output and dir listing when executed against 'nginx'
root@ubuntu:/root# anchore toolbox --image nginx unpack --destdir /tmp/unpack_test
Unpacking images: 05a60462f8bafb215ddc5c20a364b5fb637670200a74a5bb13a1b23f64515561
Unpacked image: 05a60462f8bafb215ddc5c20a364b5fb637670200a74a5bb13a1b23f64515561
Unpack directory: /tmp/unpack_test/3526501.anchoretmp
root@ubuntu:/root# ls /tmp/unpack_test/3526501.anchoretmp
05a60462f8bafb215ddc5c20a364b5fb637670200a74a5bb13a1b23f64515561.json docker_history.json tarexcludes
8db2aad32a9f874e4212dde408c14ae0ba1c2e0d1b80484e223b2ff966386108 docker_inspect.json tarexcludes.8db2aad32a9f874e4212dde408c14ae0ba1c2e0d1b80484e223b2ff966386108
908fdb1e18ef1ed3bdd042820eb55d62b9057ee62bff09bac459d1b1ba692406 manifest.json tarexcludes.908fdb1e18ef1ed3bdd042820eb55d62b9057ee62bff09bac459d1b1ba692406
98f8314de6153f843cfc03062af5cb8269db2b87272f10406420f26af5446c5c rootfs tarexcludes.98f8314de6153f843cfc03062af5cb8269db2b87272f10406420f26af5446c5c
Dockerfile
zhill@ubuntu:/home/zhill# anchore query --image nginx show-distro all
+--------------+--------------+--------+---------+
| Image Id     | Repo Tag     | Distro | Version |
+--------------+--------------+--------+---------+
| e43d811ce2f4 | nginx:latest | debian | 8       |
+--------------+--------------+--------+---------+
zhill / gist:a59719f15662909bb82520e769a33f73
Created November 23, 2016 20:41
Anchore nginx show-dockerfile
testuser@myhost:/home/testuser# anchore toolbox --image nginx show-dockerfile
--- Image_Id ---
e43d811ce2f4
--- Mode ---
Guessed
--- Dockerfile_Contents ---
FROM scratch
ADD file:23aa4f893e3288698c017b90be657911b72d54edb3b3a7c4d05c308f50f9228f in /
zhill / gist:aa14b0ef49af6080427dbc2a1842274e
Created November 1, 2016 18:45
anchore audit --image nginx report
+--------------+-------------+--------------+--------------+-------------+-------------+----------------------+------------+
| Image Id     | Type        | Current Tags | All Tags     | Gate Status | Size(bytes) | Counts               | Base Diffs |
+--------------+-------------+--------------+--------------+-------------+-------------+----------------------+------------+
| e43d811ce2f4 | anchorebase | nginx:latest | nginx:latest | STOP        | 181468074   | PKGS=140 FILES=11174 | N/A        |
|              |             |              |              |             |             | SUIDFILES=10         |            |
+--------------+-------------+--------------+--------------+-------------+-------------+----------------------+------------+