Re: [atomic-devel] Container image's name inside scanner container
- From: Brent Baude <bbaude redhat com>
- To: Dharmit Shah <dharmit redhat com>, atomic-devel projectatomic io
- Subject: Re: [atomic-devel] Container image's name inside scanner container
- Date: Fri, 13 Jan 2017 08:53:42 -0600
Dharmit,
I believe the intended image is mounted by its UUID. One idea would be
to share the docker socket with your scan container and then do a quick
translation of the UUID to image name using the docker-py API.
One issue with this approach is you get yourself in a bind (in some
cases) with determining the image name. Meaning, is it the repotag
name(s), the LABEL name, or some other approach? I would say that is
one upside of your approach.
There are other ways to resolve the name that are a little more
involved. If you want to know more, contact me off-list and we can
discuss them.
Brent
On Fri, 2017-01-13 at 15:24 +0530, Dharmit Shah wrote:
> Hi!
>
> I recently worked on developing a scanner [1] that reports pip, npm, gem
> updates for a container. But, to me, it looks like I'm missing something
> and doing it in an improper way from `atomic scan` side of things.
>
> The command I execute to check, let's say, pip related updates is:
>
> `IMAGE_NAME=<image_name> atomic scan --scanner misc-package-updates --scan_type pip-updates <image_name>`
>
> And the configuration file ensures that `IMAGE_NAME` variable I've set
> in above command is passed on to the scanner container as an environment
> variable [2]. It is then used to spin up a new container from the image
> to check for pip updates.
>
> It is my understanding, and I'd like to know if it's correct, that the
> rootfs of image name specified with `atomic scan` command is mounted
> onto the scanner container under `/scanin` directory and the scanner
> output is expected under `/scanout` directory; but the image's name is
> not passed to the scanner container.
>
> Is there a way to access the image's name inside a container without
> doing it the way I've done using a variable?
>
> [1]
> https://github.com/CentOS/container-pipeline-service/tree/master/atomic_scanners/misc-package-updates
>
> [2]
> https://github.com/CentOS/container-pipeline-service/blob/master/atomic_scanners/misc-package-updates/misc-package-updates#L5
>
> Regards,
> Dharmit.
>
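
The UUID-to-name translation suggested in the reply above, as an added example that is not part of the original thread or of the atomic project: it takes an image's inspect document (what docker-py exposes as `images.get(id).attrs`) and lists every candidate name, which makes the repotag-versus-LABEL ambiguity concrete. The `name` label key, the preference order, the function names and the sample data are assumptions made for illustration.

```python
"""Resolve an image ID to candidate names from Docker inspect data."""

# Constructed sample of the inspect document for one image (not real output).
SAMPLE_INSPECT = {
    "Id": "sha256:" + "ab" * 32,
    "RepoTags": ["registry.example.com/app:1.0", "registry.example.com/app:latest"],
    "RepoDigests": ["registry.example.com/app@sha256:" + "cd" * 32],
    "Config": {"Labels": {"name": "example/app", "version": "1.0"}},
}


def candidate_names(inspect):
    """Return every name the image could be known by, grouped by source."""
    config = inspect.get("Config") or {}
    labels = config.get("Labels") or {}  # Labels is null when none are set
    tags = [t for t in (inspect.get("RepoTags") or []) if t != "<none>:<none>"]
    return {
        "repotags": tags,
        "digests": list(inspect.get("RepoDigests") or []),
        "label": labels.get("name"),  # assumed label key
    }


def pick_name(inspect, prefer=("repotags", "label", "digests")):
    """Pick one name by explicit preference; fall back to the image ID."""
    names = candidate_names(inspect)
    for source in prefer:
        value = names[source]
        if isinstance(value, list):
            if value:
                return sorted(value)[0], source  # deterministic among several tags
        elif value:
            return value, source
    return inspect["Id"], "id"


def inspect_by_id(image_id, socket="unix:///var/run/docker.sock"):
    """Fetch inspect data over the Docker socket (needs docker-py and a daemon)."""
    import docker  # imported lazily so the pure functions above run offline
    client = docker.DockerClient(base_url=socket)
    return client.images.get(image_id).attrs


if __name__ == "__main__":
    print(candidate_names(SAMPLE_INSPECT))
    print(pick_name(SAMPLE_INSPECT))
```

Only `inspect_by_id` needs the Docker socket. A container that is given that socket can control the daemon, so the lookup can instead run on the host and hand the resolved name to the scanner.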