Skip to content

Latest commit

 

History

History
231 lines (203 loc) · 12.3 KB

README.md

File metadata and controls

231 lines (203 loc) · 12.3 KB

Show information of container images ordered by recently updated.
Now supporting Docker Hub, GitHub Container Repository (ghcr.io), GCR (Google Container Registry) and Amazon ECR (Elastic Container Registry).

Quick Start

$ brew install goodwithtech/r/dockertags
$ dockertags [IMAGE_NAME]

or 

$ docker run --rm goodwithtech/dockertags [IMAGENAME]

When to Use

Make easy to fetch target tag in scheduled operation.

$ dockertags -limit 1 -format json <imagename> | jq -r .[0].tags[0]
...output tag...

# Scan a latest container image with https://github.com/aquasecurity/trivy
$ export IMAGENAME=<imagename>
$ trivy $IMAGENAME:$(dockertags -limit 1 -format json $IMAGENAME | jq -r .[0].tags[0])

Examples

$ dockertags alpine
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+
|              TAG               |              SIZE              |             DIGEST             |            OS/ARCH             | CREATED AT |     UPLOADED AT      |
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+
| 3.9                            | 2.7M                           | fa5361fbf636                   | linux/ppc64le                  | NULL       | 2020-01-23T17:42:13Z |
| 3.9.5                          | 2.6M                           | c7b3e8392e08                   | linux/386                      |            |                      |
|                                | 2.6M                           | cae6522b6a35                   | linux/arm64                    |            |                      |
|                                | 2.2M                           | 0c6b515386fd                   | linux/arm                      |            |                      |
|                                | 2.4M                           | 97e9e9a15ef9                   | linux/s390x                    |            |                      |
|                                | 2.4M                           | 5292cebaf695                   | linux/arm                      |            |                      |
|                                | 2.6M                           | ab3fe83c0696                   | linux/amd64                    |            |                      |
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+
| 3.8                            | 2M                             | e802987f152d                   | linux/arm64                    | NULL       | 2020-01-23T17:41:40Z |
| 3.8.5                          | 2.1M                           | 402d21757a03                   | linux/ppc64le                  |            |                      |
|                                | 2.2M                           | cf35b4fa14e2                   | linux/386                      |            |                      |
|                                | 2M                             | dabea2944dcc                   | linux/arm                      |            |                      |
|                                | 2.1M                           | 954b378c375d                   | linux/amd64                    |            |                      |
|                                | 2.2M                           | 514ec80ffbe1                   | linux/s390x                    |            |                      |
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+
| 3.10                           | 2.7M                           | 33158d51a7a5                   | linux/ppc64le                  | NULL       | 2020-01-23T17:41:10Z |
| 3.10.4                         | 2.7M                           | de78803598bc                   | linux/amd64                    |            |                      |
|                                | 2.5M                           | 9afbfccb8066                   | linux/arm                      |            |                      |
|                                | 2.7M                           | 747f335d2f68                   | linux/386                      |            |                      |
|                                | 2.5M                           | 216161924b52                   | linux/s390x                    |            |                      |
|                                | 2.3M                           | 2632d6288d34                   | linux/arm                      |            |                      |
|                                | 2.6M                           | 4491fd429b8a                   | linux/arm64                    |            |                      |
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+
| edge                           | 2.6M                           | fb7bea212348                   | linux/arm64                    | NULL       | 2020-01-23T00:41:09Z |
| 20200122                       | 2.5M                           | e3e522f13253                   | linux/arm                      |            |                      |
|                                | 2.7M                           | 7b5953e862c9                   | linux/ppc64le                  |            |                      |
|                                | 2.3M                           | e137ff293fcc                   | linux/arm                      |            |                      |
|                                | 2.7M                           | 5f60bf03cace                   | linux/386                      |            |                      |
|                                | 2.5M                           | cb3bf0adee89                   | linux/s390x                    |            |                      |
|                                | 2.7M                           | 9898e9a51db3                   | linux/amd64                    |            |                      |
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+
| latest                         | 2.6M                           | 4d5c59516695                   | linux/arm64                    | NULL       | 2020-01-18T02:41:10Z |
| 3.11.3                         | 2.3M                           | 2c26a655f6e3                   | linux/arm                      |            |                      |
|                                | 2.5M                           | 401f030aa35e                   | linux/arm                      |            |                      |
|                                | 2.7M                           | ddba4d27a7ff                   | linux/amd64                    |            |                      |
|                                | 2.5M                           | ef20eb43010a                   | linux/s390x                    |            |                      |
|                                | 2.7M                           | c40c013324aa                   | linux/386                      |            |                      |
|                                | 2.7M                           | ff8a6adf5859                   | linux/ppc64le                  |            |                      |
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+------------+----------------------+

# You can set limit, filter and format
$ dockertags  -limit 1 -contain latest -format json alpine
[
  {
    "tags": [
      "latest",
      "3.11.3",
      "3.11",
      "3"
    ],
    "data": [
      {
        "Os": "linux",
        "Arch": "ppc64le",
        "Digest": "sha256:ff8a6adf5859433869343296f1b06e0a7bdf4fc836b08d5854221e351baf6929",
        "byte": 2822125
      },
      {
        "Os": "linux",
        "Arch": "arm64",
        "Digest": "sha256:4d5c5951669588e23881c158629ae6bac4ab44866d5b4d150c3f15d91f26682b",
        "byte": 2723075
      },
      {
        "Os": "linux",
        "Arch": "s390x",
        "Digest": "sha256:ef20eb43010abda2d7944e0cd11ef00a961ff7a7f953671226fbf8747895417d",
        "byte": 2582031
      },
      {
        "Os": "linux",
        "Arch": "arm",
        "Digest": "sha256:401f030aa35e86bafd31c6cc292b01659cbde72d77e8c24737bd63283837f02c",
        "byte": 2617562
      },
      {
        "Os": "linux",
        "Arch": "386",
        "Digest": "sha256:c40c013324aa73f430d33724d8030c34b1881e96b23f44ec616f1caf8dbf445f",
        "byte": 2806560
      },
      {
        "Os": "linux",
        "Arch": "amd64",
        "Digest": "sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45",
        "byte": 2802957
      },
      {
        "Os": "linux",
        "Arch": "arm",
        "Digest": "sha256:2c26a655f6e38294e859edac46230210bbed3591d6ff57060b8671cda09756d4",
        "byte": 2419554
      }
    ],
    "created_at": "0001-01-01T00:00:00Z",
    "uploaded_at": "2020-01-18T02:41:10.850638Z"
  }
]

Usage

NAME:
  dockertags - fetch docker image tags
  dockertags [options] image_name
OPTIONS:
  --limit value, -l value        set max tags count. if exist no tag image will be short numbers. limit=0 means fetch all tags (default: 10)
  --contain value, -c value      contains target string. multiple string allows.
  --format value, -f value       target format table or json, default table (default: "table")
  --output value, -o value       output file name, default output to stdout
  --authurl value, --auth value  GetURL when fetch authentication
  --timeout value, -t value      e.g)5s, 1m (default: 10s)
  --username value, -u value     Username
  --password value, -p value     Using -password via CLI is insecure. Be careful.
  --debug, -d                    Show debug logs
  --help, -h                     show help
  --version, -v                  print the version

GitHub Actions

You can scan target image everyday recently updated.
This actions also notify results if trivy detects vulnerabilities.

name: Scan the target image with trivy
on:
  schedule:
      - cron:  '0 0 * * *'
jobs:
  scan:
    name: Scan via trivy
    runs-on: ubuntu-latest
    env:
      IMAGE: goodwithtech/dockle # target image name
      FILTER: v0.2    # pattern : /*v0.2*/
    steps:
      - name: detect a target image tag
        id: target
        run: echo ::set-output name=ver::$(
            docker run --rm goodwithtech/dockertags -contain $FILTER -limit 1 -format json $IMAGE
            | jq -r .[0].tags[0]
            )
      - name: detect a trivy image tag
        id: trivy
        run: echo ::set-output name=ver::$(
            docker run --rm goodwithtech/dockertags -limit 1 -format json aquasec/trivy
            | jq -r .[0].tags[0]
            )
      - name: check tags
        run: |
          echo trivy ${{ steps.trivy.outputs.ver }}
          echo $IMAGE ${{ steps.target.outputs.ver }}
      - name: scan the image with trivy
        run: docker run aquasec/trivy:${{ steps.trivy.outputs.ver }}
          --cache-dir /var/lib/trivy --exit-code 1 --no-progress
          $IMAGE:${{ steps.target.outputs.ver }}
      - name: notify to slack
        if: failure()
        uses: rtCamp/action-slack-notify@master
        env:
          SLACK_CHANNEL: channel  # target channel
          SLACK_MESSAGE: 'failed : trivy detects vulnerabilities'
          SLACK_TITLE: trivy-scan-notifier
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

Authentication

Docker Hub

You can use --username and --password of Docker Hub.

dockertags -u goodwithtech -p xxxx goodwithtech/privateimage

Amazon ECR (Elastic Container Registry)

Use AWS CLI's ENVIRONMENT variables.

AWS_PROFILE={PROFILE_NAME}
AWS_DEFAULT_REGION={REGION}

GCR (Google Container Registry)

If you'd like to use the target project's repository, you can settle via GOOGLE_APPLICATION_CREDENTIAL.

GOOGLE_APPLICATION_CREDENTIALS=/path/to/credential.json