This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow checks out code, builds an image, performs a container image | |
# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security | |
# code scanning feature. For more information on the Anchore scan action usage | |
# and parameters, see https://github.com/anchore/scan-action. For more | |
# information on Anchore's container image scanning tool Grype, see | |
# https://github.com/anchore/grype | |
name: Anchore Container Scan | |
on: push | |
jobs: | |
Anchore-Build-Scan: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@ubuntu:/root# anchore toolbox --image nginx unpack --destdir /tmp/unpack_test | |
Unpacking images: 05a60462f8bafb215ddc5c20a364b5fb637670200a74a5bb13a1b23f64515561 | |
Unpacked image: 05a60462f8bafb215ddc5c20a364b5fb637670200a74a5bb13a1b23f64515561 | |
Unpack directory: /tmp/unpack_test/3526501.anchoretmp | |
root@ubuntu:/root# ls /tmp/unpack_test/3526501.anchoretmp | |
05a60462f8bafb215ddc5c20a364b5fb637670200a74a5bb13a1b23f64515561.json docker_history.json tarexcludes | |
8db2aad32a9f874e4212dde408c14ae0ba1c2e0d1b80484e223b2ff966386108 docker_inspect.json tarexcludes.8db2aad32a9f874e4212dde408c14ae0ba1c2e0d1b80484e223b2ff966386108 | |
908fdb1e18ef1ed3bdd042820eb55d62b9057ee62bff09bac459d1b1ba692406 manifest.json tarexcludes.908fdb1e18ef1ed3bdd042820eb55d62b9057ee62bff09bac459d1b1ba692406 | |
98f8314de6153f843cfc03062af5cb8269db2b87272f10406420f26af5446c5c rootfs tarexcludes.98f8314de6153f843cfc03062af5cb8269db2b87272f10406420f26af5446c5c | |
Dockerfile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zhill@ubuntu:/home/zhill# anchore query --image nginx show-distro all | |
+--------------+--------------+--------+---------+ | |
| Image Id | Repo Tag | Distro | Version | | |
+--------------+--------------+--------+---------+ | |
| e43d811ce2f4 | nginx:latest | debian | 8 | | |
+--------------+--------------+--------+---------+ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
testuser@myhost:/home/testuser# anchore toolbox --image nginx show-dockerfile | |
--- Image_Id --- | |
e43d811ce2f4 | |
--- Mode --- | |
Guessed | |
--- Dockerfile_Contents --- | |
FROM scratch | |
ADD file:23aa4f893e3288698c017b90be657911b72d54edb3b3a7c4d05c308f50f9228f in / |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
+--------------+-------------+--------------+--------------+-------------+-------------+----------------------+------------+ | |
| Image Id | Type | Current Tags | All Tags | Gate Status | Size(bytes) | Counts | Base Diffs | | |
+--------------+-------------+--------------+--------------+-------------+-------------+----------------------+------------+ | |
| e43d811ce2f4 | anchorebase | nginx:latest | nginx:latest | STOP | 181468074 | PKGS=140 FILES=11174 | N/A | | |
| | | | | | | SUIDFILES=10 | | | |
+--------------+-------------+--------------+--------------+-------------+-------------+----------------------+------------+ |