Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make --docker flag use new container scanning #1316

Open
oliverchang opened this issue Oct 9, 2024 · 1 comment
Open

Make --docker flag use new container scanning #1316

oliverchang opened this issue Oct 9, 2024 · 1 comment
Assignees
@another-rex
Labels
container-scanning-mvp blockers for container scanning MVP enhancement New feature or request

Comments

@oliverchang
Copy link
Collaborator

Do docker pull and docker save under the hood for convenience.
@oliverchang oliverchang added enhancement New feature or request container-scanning-mvp blockers for container scanning MVP labels Oct 9, 2024
@oliverchang
Copy link
Collaborator Author

FYI @another-rex @hogo6002

@another-rex another-rex mentioned this issue Oct 30, 2024
Merged
2 tasks
another-rex added a commit that referenced this issue Oct 30, 2024
@another-rex
feat: Update docker container scanning flag (#1350)
1638434 
Resolves #1316 

Update the --docker flag to:
- Only accept one image to scan at a time (to make displaying results
easier)
- Call new image scanning function internally.
- Acts like a convenience function for 
```
docker save <image-name> > img-name.tar && osv-scanner --experimental-oci-image=img.name.tar
```

TODO: 
- [x] Add an ACCEPTANCE test which uses docker to pull down a stable
image.
- [x] Include a docker pull first, as docker save only saves images
already on device and does not pull images online.
another-rex added a commit to another-rex/osv-scanner that referenced this issue Nov 1, 2024
@another-rex
feat: Update docker container scanning flag (google#1350)
55b629a 
Resolves google#1316 

Update the --docker flag to:
- Only accept one image to scan at a time (to make displaying results
easier)
- Call new image scanning function internally.
- Acts like a convenience function for 
```
docker save <image-name> > img-name.tar && osv-scanner --experimental-oci-image=img.name.tar
```

TODO: 
- [x] Add an ACCEPTANCE test which uses docker to pull down a stable
image.
- [x] Include a docker pull first, as docker save only saves images
already on device and does not pull images online.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@another-rex another-rex

Labels
container-scanning-mvp blockers for container scanning MVP enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oliverchang @another-rex