{"id":25506505,"url":"https://github.com/blackducksoftware/kubectl-bd-xray","last_synced_at":"2025-04-10T11:51:57.693Z","repository":{"id":127466879,"uuid":"290306470","full_name":"blackducksoftware/kubectl-bd-xray","owner":"blackducksoftware","description":"kubectl plugin scanning docker images for open source security and license compliance using Black Duck by Synopsys","archived":false,"fork":false,"pushed_at":"2020-09-05T05:21:40.000Z","size":12849,"stargazers_count":7,"open_issues_count":1,"forks_count":2,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-24T10:45:37.244Z","etag":null,"topics":["docker","helm","image","kubectl-plugin","software-composition-analysis","yaml"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackducksoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-25T19:36:06.000Z","updated_at":"2024-11-05T08:37:28.000Z","dependencies_parsed_at":"2023-08-23T06:02:45.566Z","dependency_job_id":null,"html_url":"https://github.com/blackducksoftware/kubectl-bd-xray","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fkubectl-bd-xray","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fkubectl-bd-xray/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fkubectl-bd-xray/releases","manifests_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Fkubectl-bd-xray/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackducksoftware","download_url":"https://codeload.github.com/blackducksoftware/kubectl-bd-xray/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248215191,"owners_count":21066622,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","helm","image","kubectl-plugin","software-composition-analysis","yaml"],"created_at":"2025-02-19T06:58:07.921Z","updated_at":"2025-04-10T11:51:57.676Z","avatar_url":"https://github.com/blackducksoftware.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- omit in toc --\u003e\n# kubectl-bd-xray: Black Duck X-Ray\n\nThis plugin runs Black Duck image scans in order to allow developers/operators to scan already deployed images as well as about to be deployed images for open source security and license compliance.  Just point and scan images in any namespace, third-party or your own yaml files, and helm charts.  **It also suggests image upgrades for outdated images**.  
Check out the [future section here](#future) for exciting coming soon features, including base image remediation, upgrade suggestions for outdated helm charts and more!\n\nSee [demo images here](./examples/demo/)\n\n![Image of bd-xray output table](./examples/demo/bd-xray.png)\n![Image of results in Black Duck UI](./examples/demo/bd-image-version.png)\n\nTODO: put video here\n\n\u003c!-- omit in toc --\u003e\n## Table of Contents\n\n- [Installation](#installation)\n  - [From Krew](#from-krew)\n  - [From source](#from-source)\n    - [Build](#build)\n    - [Run](#run)\n    - [How to build and use as kubectl plugin](#how-to-build-and-use-as-kubectl-plugin)\n  - [From Release Binary](#from-release-binary)\n    - [macOs](#macos)\n- [Usage](#usage)\n  - [`bd-xray namespace`: scan all images in a namespace](#bd-xray-namespace-scan-all-images-in-a-namespace)\n  - [`bd-xray images`: scan any set of images](#bd-xray-images-scan-any-set-of-images)\n  - [`bd-xray yaml`: scan images from given yaml file](#bd-xray-yaml-scan-images-from-given-yaml-file)\n  - [`bd-xray helm`: scan images from given helm chart](#bd-xray-helm-scan-images-from-given-helm-chart)\n- [Dev notes](#dev-notes)\n  - [Release](#release)\n    - [Dry-run](#dry-run)\n    - [Push](#push)\n    - [Deleting tags](#deleting-tags)\n  - [Testing Krew release locally](#testing-krew-release-locally)\n    - [Generate final `.krew.yaml` from templated `.krew.yaml` here using `krew-release-bot`](#generate-final-krewyaml-from-templated-krewyaml-here-using-krew-release-bot)\n- [Future](#future)\n\n## Installation\n\n### From Krew\n\n```bash\ncurl https://krew.sh/bd-xray | bash\n# . ~/.bashrc   # run if you use bash shell\n# . 
~/.zshrc    # run if you use zsh shell\n```\n\n### From source\n\n#### Build\n\n```bash\ngo build ./cmd/bd-xray/main.go\n\n./bd-xray --help\n```\n\n#### Run\n\n```bash\ngo run ./cmd/bd-xray/main.go --help\n```\n\n#### How to build and use as kubectl plugin\n\n```bash\ngo build ./cmd/bd-xray/main.go\n\nmv ./bd-xray \"/TODO-somewhere-in-your-path/kubectl-bd_xray\"\n\nkubectl plugin list\n\nkubectl bd-xray --help\n```\n\n### From Release Binary\n\n#### macOs\n\nYou can download and use as a standalone binary.\n\n```bash\ndownload_path=\"./bd-xray\"\nversion=\"v0.1.0\"\n\ncurl --fail --location --output $download_path \"https://github.com/blackducksoftware/kubectl-bd-xray/releases/download/${version}/kubectl-bd-xray_${version}_darwin_amd64.tar.gz\"\nchmod +x $download_path\n\n$download_path --help\n```\n\nOr, after the steps above, follow the steps below to use it as a kubectl plugin:\n\n```bash\nmv $download_path \"/TODO-somewhere-in-your-path/kubectl-bd_xray\"\n\nkubectl plugin list\n\nkubectl bd-xray --help\n```\n\n## Usage\n\nUse the `--help` flag with the root and/or any of the subcommands to find out more information\n\n```bash\nkubectl bd-xray --help\n```\n\n### `bd-xray namespace`: scan all images in a namespace\n\n```bash\nkubectl bd-xray namespace --help\n\nNAMESPACE_NAME=\"TODO\"\nBLACKDUCK_URL=\"TODO\"\nBLACKDUCK_API_TOKEN=\"TODO\"\nkubectl bd-xray namespace $NAMESPACE_NAME --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_API_TOKEN\n```\n\n### `bd-xray images`: scan any set of images\n\n```bash\nkubectl bd-xray images --help\n\nBLACKDUCK_URL=\"TODO\"\nBLACKDUCK_API_TOKEN=\"TODO\"\nkubectl bd-xray images ubuntu:18.04 alpine:3.8 --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_API_TOKEN\n```\n\n### `bd-xray yaml`: scan images from given yaml file\n\n```bash\nkubectl bd-xray yaml --help\n\nPATH_TO_YAML_FILE=\"TODO\"\nBLACKDUCK_URL=\"TODO\"\nBLACKDUCK_API_TOKEN=\"TODO\"\nkubectl bd-xray yaml $PATH_TO_YAML_FILE  
--blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_API_TOKEN\n```\n\n### `bd-xray helm`: scan images from given helm chart\n\n```bash\nkubectl bd-xray helm --help\n\nHELM_CHART=\"stable/atlantis\"\nBLACKDUCK_URL=\"TODO\"\nBLACKDUCK_API_TOKEN=\"TODO\"\nkubectl bd-xray helm $HELM_CHART  --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_API_TOKEN\n```\n\n## Dev notes\n\n### Release\n\n#### Dry-run\n\n```bash\n./release.sh -d\n```\n\n#### Push\n\n```bash\ngit tag v0.1.1\ngit push --tag\n```\n\n#### Deleting tags\n\n```bash\ngit tag -d v0.1.0\n```\n\n### Testing Krew release locally\n\n#### Generate final `.krew.yaml` from templated `.krew.yaml` here using `krew-release-bot`\n\n```bash\n# NOTE: you have to use a tag that is already released, in order for krew-release-bot to get the SHA.\nTAG_NAME=v0.1.1\ndocker run -v \"$(pwd)/.krew.yaml:/tmp/template-file.yaml\" rajatjindal/krew-release-bot:v0.0.38 krew-release-bot template --tag $TAG_NAME --template-file /tmp/template-file.yaml\n```\n\n(For developers) To provide a custom plugin manifest, use the --manifest or\n  --manifest-url arguments. 
Similarly, instead of downloading files from a URL,\n  you can specify a local --archive file:\n    kubectl krew install --manifest=FILE [--archive=FILE]\n\n```bash\n# kubectl krew install --manifest=\".krew.yaml\"\n# kubectl krew install --manifest=\".krew.yaml\" --archive=\"./dist/kubectl-bd-xray_v0.1.0_darwin_amd64.tar.gz\"\n```\n\n## Future\n\n- show difference in vulnerabilities between existing image and the suggested upgrade remediation image\n- suggest upgrade remediation of base image\n- suggest upgrade remediation for helm charts\n- allow setting concurrency of scans (currently \"infinite\")\n- multiple modes of operation\n  - concurrent scans locally with persistent docker container (currently already)\n  - concurrent scans in the cluster in same namespace, 1 job per image\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Fkubectl-bd-xray","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackducksoftware%2Fkubectl-bd-xray","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Fkubectl-bd-xray/lists"}