This is a CLI tool that scans the filesystem of a cloud instance using grype while attempting to minimize the impact on the target resources.
It works by taking a snapshot of the instance filesystem, creating a new instance to be scanned, scanning, and then exporting the results before destroying the scanner instance. Leaving the original resources untouched.
This first iteration only works with droplets (VMs) on Digital Ocean.
- Python and pip (Tested on 3.10)
- Python packages: python-digitalocean, prettytable
- Linux system with OpenSSH (Not tested on Windows or Mac yet)
git clone https://github.com/lazarofraga/wingman.git
cd wingman
pip install -r requirements.txt
Set the DO_ACCESS_TOKEN:
export DO_ACCESS_TOKEN=<token_goes_here>
python3 main.py do -l
python3 main.py do -i 1234567,1234568
python3 main.py do