Support remote registries #12

Open
ogarrett opened this issue Jul 5, 2022 · 5 comments
Labels
enhancement New feature or request hacktoberfest help wanted Extra attention is needed

Comments

@ogarrett
Contributor

ogarrett commented Jul 5, 2022

Use case: I am planning to deploy a container to production. I wish to scan this container for IOCs beforehand.

Workaround: I can pull the container from its remote location, and then scan the local copy:

docker pull node:10.19
docker run -it --rm --name=deepfence-ioc-scanner \
    -v /var/run/docker.sock:/var/run/docker.sock \
    deepfenceio/deepfence-ioc-scanner:latest -image-name node:10.19
docker rmi node:10.19

I would like to be able to scan the image directly:

docker run -it --rm --name=deepfence-ioc-scanner \
    -v /var/run/docker.sock:/var/run/docker.sock \
    deepfenceio/deepfence-ioc-scanner:latest -image-name node:10.19

... and for the scanner to pull and delete the image automatically.

@ogarrett ogarrett added enhancement New feature or request help wanted Extra attention is needed labels Jul 5, 2022
@rahulsurwade08

Hey, I would love to work on this issue under hacktoberfest. How can I get started?

@ibreakthecloud
Contributor

Sure, I'll assign this to you.

The idea is to pull the image if it is not available locally and remove it after scanning.

@rahulsurwade08

@ibreakthecloud Thank you. Can you explain the issue more and also provide resources for it?

@ibreakthecloud
Contributor

> @ibreakthecloud Thank you. Can you explain the issue more and also provide resources for it?

Right now, if you see, we do a docker pull of the image and then run the scan on it; refer to this: https://github.com/deepfence/YaraHunter#example-finding-indicators-of-compromise-in-a-container-image

But if we run a scan and the image is not present locally, the scan will fail.
For example, if we run

docker run -it --rm --name=deepfence-yarahunter \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v /tmp:/home/deepfence/output \
     deepfenceio/yara-hunter:latest --image-name metal3d/xmrig:latest \
     --json-filename=xmrig-scan.json

without pulling metal3d/xmrig:latest, the scan will fail since the image is not present locally.
In an ideal world, adding an if condition, something like

if imagePresent == false { 
    // pull and remove once done 
} 

before this line would work
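
The pull-if-missing, scan, then remove flow discussed in this thread, as an added shell example that is not part of the issue or the project's code. The wrapper and its function names are hypothetical; it uses the scanner image and `--image-name` flag quoted above, and it removes the image only when the wrapper itself pulled it.

```shell
#!/bin/sh
# Added example (not project code): scan an image that may not be present
# locally, and clean up afterwards only what this wrapper pulled.

SCANNER_IMAGE="deepfenceio/yara-hunter:latest"   # scanner image named in the thread

# Return 0 if the image is already in the local Docker image store.
image_present() {
    docker image inspect "$1" >/dev/null 2>&1
}

# scan_image IMAGE
# Pull IMAGE if missing, run the scanner on it, then remove it if we pulled it.
# Returns the scanner's exit status, or the pull's status if the pull failed.
scan_image() {
    image="$1"
    pulled=0
    if ! image_present "$image"; then
        docker pull "$image" >&2 || return $?
        pulled=1
    fi

    # -it is left out so the wrapper also works without a TTY (e.g. in CI).
    rc=0
    docker run --rm --name=deepfence-yarahunter \
        -v /var/run/docker.sock:/var/run/docker.sock \
        "$SCANNER_IMAGE" --image-name "$image" || rc=$?

    # Never delete an image the operator already had before the scan.
    if [ "$pulled" -eq 1 ]; then
        docker rmi "$image" >/dev/null 2>&1 ||
            echo "warning: could not remove $image" >&2
    fi
    return "$rc"
}

# Run only when an image name is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_image "$1"
fi
```

The image is removed even when the scan exits non-zero, so a failed or positive scan does not leave the pulled image behind on the host.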

@yashsinghcodes
Copy link

@ibreakthecloud Hi, has this issue been solved yet?
