Skip to content

Commit 8dc1a55

Browse files
carlosmmatoscarlosmmatos
authored
feat(container-pull-script): add new SHRA images (#385)
Closes #384 This PR adds the `falcon-jobcontroller` and `falcon-registryassessmentexecutor` images used for Self Hosted Registry Assessments.
1 parent 8748322 commit 8dc1a55

File tree

2 files changed

+80
-35
lines changed

2 files changed

+80
-35
lines changed

bash/containers/falcon-container-sensor-pull/README.md

+44-30
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Falcon Container Sensor pull script
22

3-
Use this bash script to pull the latest **Falcon Container** sensor, **Node DaemonSet** sensor, **Kubernetes Admission Controller** or **Kubernetes Protection Agent** from the CrowdStrike container registry and push it to your local Docker registry or remote registries.
3+
A bash script for managing CrowdStrike Falcon container images. Pull from the official registry, copy to local/remote registries, generate Kubernetes pull tokens, retrieve image paths, manage credentials and more.
44

55
## Deprecation Warning :warning:
66

@@ -46,7 +46,7 @@ To check your version of cURL, run the following command: `curl --version`
4646
> [!IMPORTANT]
4747
> The following API scopes are the minimum required to retrieve the images. If you need to perform other operations post-retrieval, please refer to the CrowdStrike documentation to identify any additional scopes that may be required.
4848
49-
- **falcon-sensor | falcon-container | falcon-kac | falcon-imageanalyzer**
49+
- **falcon-sensor | falcon-container | falcon-kac | falcon-imageanalyzer | falcon-jobcontroller | falcon-registryassessmentexecutor**
5050
- `Sensor Download (read)`
5151
- `Falcon Images Download (read)`
5252
- **kpagent**
@@ -83,7 +83,19 @@ Optional Flags:
8383
-c, --copy <REGISTRY/NAMESPACE> Registry to copy the image to, e.g., myregistry.com/mynamespace
8484
-v, --version <SENSOR_VERSION> Specify sensor version to retrieve from the registry
8585
-p, --platform <SENSOR_PLATFORM> Specify sensor platform to retrieve, e.g., x86_64, aarch64
86-
-t, --type <SENSOR_TYPE> Specify which sensor to download [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent|fcs] (Default: falcon-container)
86+
-t, --type <SENSOR_TYPE> Specify which sensor to download (Default: falcon-container)
87+
88+
Available sensor types:
89+
-----------------------
90+
falcon-container
91+
falcon-sensor
92+
falcon-kac
93+
falcon-snapshot
94+
falcon-imageanalyzer
95+
kpagent
96+
fcs
97+
falcon-jobcontroller
98+
falcon-registryassessmentexecutor
8799
88100
--runtime <RUNTIME> Use a different container runtime [docker, podman, skopeo] (Default: docker)
89101
--dump-credentials Print registry credentials to stdout to copy/paste into container tools
@@ -104,24 +116,24 @@ Help Options:
104116

105117
> **Note**: **Settings can be passed to the script via CLI flags or environment variables:**
106118
107-
| Flags | Environment Variables | Default | Description |
108-
| :--------------------------------------------- | ----------------------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
109-
| `-f`, `--cid <FALCON_CID>` | `$FALCON_CID` | `None` (Optional) | CrowdStrike Customer ID (CID). *If not provided, CID will be auto-detected.* |
110-
| `-u`, `--client-id <FALCON_CLIENT_ID>` | `$FALCON_CLIENT_ID` | `None` (Required) | CrowdStrike API Client ID |
111-
| `-s`, `--client-secret <FALCON_CLIENT_SECRET>` | `$FALCON_CLIENT_SECRET` | `None` (Required) | CrowdStrike API Client Secret |
112-
| `-r`, `--region <FALCON_CLOUD>` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. \**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* |
113-
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` |
114-
| `-v`, `--version <SENSOR_VERSION>` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry |
115-
| `-p`, `--platform <SENSOR_PLATFORM>` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry |
116-
| `-t`, `--type <SENSOR_TYPE>` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`, `fcs`] ([see more details below](#sensor-types)) |
117-
| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. |
118-
| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools |
119-
| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. |
120-
| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. |
121-
| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. |
122-
| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor |
123-
| `--allow-legacy-curl` | `$ALLOW_LEGACY_CURL` | `False` (Optional) | Allow the script to run with an older version of cURL |
124-
| `-h`, `--help` | N/A | `None` | Display help message |
119+
| Flags | Environment Variables | Default | Description |
120+
| :--------------------------------------------- | ----------------------- | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
121+
| `-f`, `--cid <FALCON_CID>` | `$FALCON_CID` | `None` (Optional) | CrowdStrike Customer ID (CID). *If not provided, CID will be auto-detected.* |
122+
| `-u`, `--client-id <FALCON_CLIENT_ID>` | `$FALCON_CLIENT_ID` | `None` (Required) | CrowdStrike API Client ID |
123+
| `-s`, `--client-secret <FALCON_CLIENT_SECRET>` | `$FALCON_CLIENT_SECRET` | `None` (Required) | CrowdStrike API Client Secret |
124+
| `-r`, `--region <FALCON_CLOUD>` | `$FALCON_CLOUD` | `us-1` (Optional) | CrowdStrike Region. \**Auto-discovery is only available for [`us-1, us-2, eu-1`] regions.* |
125+
| `-c`, `--copy <REGISTRY/NAMESPACE>` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` |
126+
| `-v`, `--version <SENSOR_VERSION>` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry |
127+
| `-p`, `--platform <SENSOR_PLATFORM>` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry |
128+
| `-t`, `--type <SENSOR_TYPE>` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`, `fcs`, `falcon-jobcontroller`, `falcon-registryassessmentexecutor`] ([see more details below](#sensor-types)) |
129+
| `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. |
130+
| `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools |
131+
| `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. |
132+
| `--get-pull-token` | N/A | `None` | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes. |
133+
| `--get-cid` | N/A | `None` | Get the CID assigned to the API Credentials. |
134+
| `--list-tags` | `$LISTTAGS` | `False` (Optional) | List all tags available for the selected sensor |
135+
| `--allow-legacy-curl` | `$ALLOW_LEGACY_CURL` | `False` (Optional) | Allow the script to run with an older version of cURL |
136+
| `-h`, `--help` | N/A | `None` | Display help message |
125137

126138
---
127139
> **Note**: **Internal flags are for CrowdStrike internal use only. Internal flags do not provide any functionality to end customers.**
@@ -136,15 +148,17 @@ Help Options:
136148

137149
The following sensor types are available to download:
138150

139-
| Sensor Image Name | Description |
140-
| :------------------------------- | :---------------------------------------------------- |
141-
| `falcon-sensor` | The Falcon sensor for Linux as a DaemonSet deployment |
142-
| `falcon-container` **(default)** | The Falcon Container sensor for Linux |
143-
| `falcon-kac` | The Falcon Kubernetes Admission Controller |
144-
| `falcon-snapshot` | The Falcon Snapshot scanner |
145-
| `falcon-imageanalyzer` | The Falcon Image Assessment at Runtime |
146-
| `kpagent` | The Falcon Kubernetes Protection Agent |
147-
| `fcs` | The Falcon Cloud Security CLI tool |
151+
| Sensor Image Name | Description |
152+
| :---------------------------------- | :---------------------------------------------------- |
153+
| `falcon-sensor` | The Falcon sensor for Linux as a DaemonSet deployment |
154+
| `falcon-container` **(default)** | The Falcon Container sensor for Linux |
155+
| `falcon-kac` | The Falcon Kubernetes Admission Controller |
156+
| `falcon-snapshot` | The Falcon Snapshot scanner |
157+
| `falcon-imageanalyzer` | The Falcon Image Assessment at Runtime |
158+
| `kpagent` | The Falcon Kubernetes Protection Agent |
159+
| `fcs` | The Falcon Cloud Security CLI tool |
160+
| `falcon-jobcontroller` | The Self Hosted Registry Assessment Jobs Controller |
161+
| `falcon-registryassessmentexecutor` | The Self Hosted Registry Assessment Executor |
148162

149163
### Examples
150164

0 commit comments

Comments
 (0)