Package Scanner

Scan for vulnerabilities in your docker image or a directory

Download

Every release of package scanner provides binary releases for a variety of OSes. These binary versions can be manually downloaded and installed.

Go to the releases page and download the native client package based on your OS and CPU architecture.

Unpack it

tar -zxvf package-scanner_Linux_x86_64.tar

Usage

Run this command to generate a license key. Work/official email id has to be used.

curl https://license.deepfence.io/threatmapper/generate-license?first_name=<FIRST_NAME>&last_name=<LAST_NAME>&email=<EMAIL>&company=<ORGANIZATION_NAME>&resend_email=true

Image scan

Set product and licence key to download the vulnerability database needed for the scan

docker pull longhornio/csi-snapshotter:v6.2.1
export DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker>
export DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key>
./package-scanner -source longhornio/csi-snapshotter:v6.2.1 -container-runtime docker

docker pull nginx:latest
export DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker>
export DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key>
./package-scanner -source nginx:latest -severity critical

Directory scan

export DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker>
export DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key>
./package-scanner --source dir:<directory full path>

Build

make tools
make cli
This will generate package-scanner binary in the current directory

Build docker image

make docker-cli
docker images should show new image with name quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.2

$ docker images
REPOSITORY                                          TAG       IMAGE ID       CREATED             SIZE
quay.io/deepfenceio/deepfence_package_scanner_cli   2.5.2     e06fb1cd3868   About an hour ago   569MB
nginx                                               latest    1403e55ab369   8 days ago          142MB

Docker image standalone usage example

docker pull nginx:latest
docker run -it --rm -e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> -e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> -v /var/run/docker.sock:/var/run/docker.sock --name package-scanner quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.2 -source nginx:latest

Name		Name	Last commit message	Last commit date
Latest commit History 351 Commits
.github/workflows		.github/workflows
agent-plugins-grpc @ 512fd2d		agent-plugins-grpc @ 512fd2d
internal/deepfence		internal/deepfence
jobs		jobs
output		output
sbom		sbom
scanner		scanner
tools		tools
utils		utils
.dockerignore		.dockerignore
.gitignore		.gitignore
.gitmodules		.gitmodules
.golangci.yml		.golangci.yml
.goreleaser.yaml		.goreleaser.yaml
Dockerfile		Dockerfile
Makefile		Makefile
README.md		README.md
bootstrap.sh		bootstrap.sh
entrypoint.sh		entrypoint.sh
go.mod		go.mod
go.sum		go.sum
grype.yaml		grype.yaml
main.go		main.go
run-once.go		run-once.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Package Scanner

Download

Usage

Image scan

Directory scan

Build

Build docker image

Docker image standalone usage example

About

Releases 35

Packages

Contributors 14

Languages

deepfence/package-scanner

Folders and files

Latest commit

History

Repository files navigation

Package Scanner

Download

Usage

Image scan

Directory scan

Build

Build docker image

Docker image standalone usage example

About

Resources

Stars

Watchers

Forks

Releases 35

Packages 0

Contributors 14

Languages

Packages