
feature request that cvescan be made to work in ubuntu container images #55

Open
tonkapango opened this issue Oct 9, 2020 · 3 comments

Comments

@tonkapango
Could there be a mode where cvescan could run inside a container and only look at the OS packages installed in that container image?

@mssalvatore (Contributor)

mssalvatore commented Oct 9, 2020

The quickest way to achieve that right now is to export a manifest file from the container and use CVEScan to scan that manifest file. See https://github.com/canonical/sec-cvescan/#generating-and-scanning-a-manifest-file for more information.

You could also use pip to install CVEScan inside of your container (https://github.com/canonical/sec-cvescan/#install-in-local-environment). Depending on which container format you're using, this should work ok.

@tonkapango (Author)

Yeah, good call mssalvatore. Manifest is workable. Just need some improved parsing for the manifest flow (manifest created with dpkg -l). The _get_codename function in manifest_parser.py doesn't typically find the distro for a container with the given regex, and the typical column output of dpkg -l doesn't match the parsing in get_install_pkgs_from_manifest.

And I may be totally missing what commands should be used to create a manifest to then feed into the cvescan tool; I just wasn't readily able to find it.

But all good on my end. Thanks for the help!
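The two parsing gaps described in this thread, the column layout of dpkg -l output and finding the release codename inside a container, are illustrated by the following added example. It is not code from the CVEScan project and does not reproduce its manifest_parser.py; the sample dpkg -l and os-release texts are constructed. It keeps only packages in the "ii" (installed) state, strips an ":arch" qualifier from names such as libc6:amd64, and reads the codename from /etc/os-release, which an Ubuntu base image carries even when the lsb_release tool is not installed.

```python
"""Parse `dpkg -l` output into an installed-package map and read the
release codename from os-release text.

Added example for this issue thread; it is not code from the CVEScan
project. The sample inputs below are constructed, not captured from a
real container."""
import re

# Constructed sample of `dpkg -l` output: the five header lines, two
# installed ("ii") packages, a name with an architecture qualifier, and
# a removed package that only kept its config files ("rc").
SAMPLE_DPKG_L = """\
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Architecture Description
+++-==============-==============-============-=================================
ii  adduser        3.118ubuntu2   all          add and remove users and groups
ii  apt            2.0.2ubuntu0.1 amd64        commandline package manager
ii  libc6:amd64    2.31-0ubuntu9  amd64        GNU C Library: Shared libraries
rc  oldpkg         1.0-1          amd64        example of a removed package
"""

# Constructed /etc/os-release content for an Ubuntu 20.04 base image.
SAMPLE_OS_RELEASE = """\
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
VERSION_ID="20.04"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
"""

# A dpkg -l data line: a 2-3 character status field (desired/status/err
# flags), then name, version and architecture separated by whitespace.
# The description column is free text and is ignored. The header lines
# never match because they do not start with 2-3 letters followed by a space.
_PKG_LINE = re.compile(
    r"^(?P<status>[a-zA-Z]{2,3})\s+(?P<name>\S+)\s+(?P<version>\S+)\s+(?P<arch>\S+)"
)


def parse_dpkg_l(text):
    """Return {package_name: version} for packages whose status is 'ii'
    (desired=install, status=installed). Packages in any other state,
    such as 'rc', are skipped. An ':arch' qualifier is stripped from the
    name so that 'libc6:amd64' is reported as 'libc6'."""
    installed = {}
    for line in text.splitlines():
        m = _PKG_LINE.match(line)
        if not m or m.group("status") != "ii":
            continue
        name = m.group("name").split(":", 1)[0]
        installed[name] = m.group("version")
    return installed


def codename_from_os_release(text):
    """Return the release codename from os-release content, preferring
    VERSION_CODENAME and falling back to UBUNTU_CODENAME. Returns None
    when neither key is present, so the caller can report a clear error
    instead of scanning against the wrong release."""
    fields = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip().strip('"')
    return fields.get("VERSION_CODENAME") or fields.get("UBUNTU_CODENAME")


if __name__ == "__main__":
    print("codename:", codename_from_os_release(SAMPLE_OS_RELEASE))
    for name, version in sorted(parse_dpkg_l(SAMPLE_DPKG_L).items()):
        print(f"{name} {version}")
```

In a real run the two inputs would come from the image itself, for example by executing dpkg -l and cat /etc/os-release inside a throwaway container and saving the output, so that the scan reflects exactly the packages shipped in the image rather than those on the host.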

@mssalvatore (Contributor)

@tonkapango I have some minor improvements on the v3.0.0 branch, with more planned. Take a look at the README on the 3.0.0 branch and let me know if that works better for you.
