Ability to Scan docker Image by providing tar archive directly
sufiyanghori opened this issue
Hi,
When the image scan is executed, SecretScanner runs `docker save`, then extracts the content of the saved tar, then performs a scan on it.
It would be great to have functionality to provide the tar image directly for scanning, so that we don't have to use the Docker daemon to run `docker save` first.
The idea is to run SecretScanner inside a Docker container where it has no access to the Docker daemon from the host.
For now, I have implemented a workaround myself, by using a third-party tool to create an image archive, and then supplying that archive to SecretScanner.
In order to achieve that, I had to add functionality in SecretScanner to accept the tar archive as an input.
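The flow requested above, reading a `docker save` style archive directly with no daemon call, shown in Python as an added example; it is not SecretScanner's code or the poster's patch. The regex rule, the function names and the sample archive are assumptions made for illustration.

```python
import io
import json
import re
import tarfile

SECRET_RE = re.compile(rb"AKIA[0-9A-Z]{16}")  # illustrative rule, not SecretScanner's
MAX_BYTES = 1 << 20  # per-file read cap


def scan_image_tar(fileobj):
    """Scan an image archive in place; return (layer path, file path) matches."""
    hits = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as image:
        # manifest.json lists every image's layer tars by path inside the archive.
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_path in entry["Layers"]:
                layer_file = image.extractfile(layer_path)
                with tarfile.open(fileobj=layer_file, mode="r:*") as layer:
                    for member in layer:
                        if not member.isfile():
                            continue  # directories, links, devices
                        # Read in place: entry names are never used as disk paths.
                        data = layer.extractfile(member).read(MAX_BYTES)
                        if SECRET_RE.search(data):
                            hits.append((layer_path, member.name))
    return hits


def add_member(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_archive(env_line=b"AWS_KEY=AKIAIOSFODNN7EXAMPLE\n"):
    """Constructed sample: one layer, wrapped the way `docker save` lays it out."""
    layer, image = io.BytesIO(), io.BytesIO()
    with tarfile.open(fileobj=layer, mode="w") as tar:
        add_member(tar, "app/.env", env_line)
    with tarfile.open(fileobj=image, mode="w") as tar:
        add_member(tar, "abc123/layer.tar", layer.getvalue())
        manifest = [{"Layers": ["abc123/layer.tar"]}]
        add_member(tar, "manifest.json", json.dumps(manifest).encode())
    return io.BytesIO(image.getvalue())


if __name__ == "__main__":
    print(scan_image_tar(build_sample_archive()))
```

Any seekable file object works as input, so an archive produced by a third-party tool can be passed with `open(path, "rb")`.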
Thanks for the update. This is a useful feature for SecretScanner. Would you like to raise a pull request for this change?
For sure, I will do a pull request soon :)