General usage
Granted Docker is installed on your machine, download Meterian convenience script docker-scan.sh.
Render the script executable and simply invoke a one-time analysis of any given Docker image by executing docker-scan.sh
(the target image must be already pulled on you machine)
Following this invocation the analysis kicks off and a link to the final results is displayed right at the end. Here is a sample:
Analyses need to be authenticated hence you will need to provide a valid token through the environment variable METERIAN_API_TOKEN
to execute one.
The script essentially runs the official container scanner Docker image meterian/cs-engine:latest
taking care of essential volume maps and environment variables presets for you.
Through Docker, the script will ensure to pull the latest version of container scanner image for you if it is not already pulled on your system. Subsequent invocations of the script will not ensure this. Newer versions of the image should be pulled with the docker pull command
Operational flags and overrides
The Meterian docker-scan
script allows to provide different levels of verbosity of the output prompts seen above. Invoke the script with the flag
--info
for additional information logs to be displayed--debug
for complete debug logs to be displayed
Operational overrides are available through the environment variables
Last updated