{"id":28410024,"url":"https://github.com/crowdstrike/container-image-scan","last_synced_at":"2025-09-19T18:09:55.753Z","repository":{"id":40367606,"uuid":"337794916","full_name":"CrowdStrike/container-image-scan","owner":"CrowdStrike","description":"Code to scan a container with CrowdStrike and return response codes indicating pass/fail status.","archived":true,"fork":false,"pushed_at":"2025-08-20T16:41:51.000Z","size":173,"stargazers_count":39,"open_issues_count":16,"forks_count":26,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-09-10T06:21:46.090Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CrowdStrike.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-02-10T17:10:28.000Z","updated_at":"2025-08-20T16:46:07.000Z","dependencies_parsed_at":"2023-10-01T14:46:08.912Z","dependency_job_id":"a365e5ad-5eb9-4c3f-bd9e-2c6813c90bf9","html_url":"https://github.com/CrowdStrike/container-image-scan","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/CrowdStrike/container-image-scan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrowdStrike%2Fcontainer-image-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrowdStrike%2Fcontainer-image-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrowdStrike%2Fcontainer-image-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrowdStrike%2Fcontainer-image-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CrowdStrike","download_url":"https://codeload.github.com/CrowdStrike/container-image-scan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrowdStrike%2Fcontainer-image-scan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274474138,"owners_count":25292133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-10T02:00:12.551Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-02T11:09:47.185Z","updated_at":"2025-09-19T18:09:55.746Z","avatar_url":"https://github.com/CrowdStrike.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003e [!WARNING]\n\u003e **DEPRECATED**: This repository is deprecated and will no longer receive updates. Please migrate to the new [CrowdStrike FCS Action](https://github.com/CrowdStrike/fcs-action) for future container image scanning needs.\n\n# CrowdStrike Container Image Scan [![Flake8](https://github.com/CrowdStrike/container-image-scan/actions/workflows/linting.yml/badge.svg)](https://github.com/CrowdStrike/container-image-scan/actions/workflows/linting.yml)\n\nThis script will scan a container and return response codes indicating pass/fail status.\n\nSpecifically, this script:\n\n1. Tags your image using `docker tag` or `podman tag`\n2. Authenticates to CrowdStrike using your [OAuth2 API keys](https://falcon.crowdstrike.com/support/api-clients-and-keys)\n3. Pushes your image to CrowdStrike for evaluation using `docker push`, after which CrowdStrike performs an Image Scan\n4. Parses returned scan report, generating return error codes as needed\n\nAll output is sent to stdout/stderr.\n\n## Prerequisites\n\n- Docker or Podman installed and running\n- Python3 and pip installed\n- CrowdStrike OAuth2 API keys with appropriate permissions (see below)\n\n### OAuth2 API Key Prerequisites\n\nA CrowdStrike [OAuth2 API keys](https://falcon.crowdstrike.com/support/api-clients-and-keys) with the following permissions is required:\n\n| Permission             | Needed scopes      |\n| ---------------------- | ------------------ |\n| Falcon Container Image | `read` and `write` |\n\n## Installation\n\nChoose ONE of the following installation methods based on your container runtime:\n\n### Option 1: Docker Installation\n\nIf you're using Docker:\n\n```shell\npip3 install docker crowdstrike-falconpy retry\n```\n\n### Option 2: Podman Installation\n\nIf you're using Podman:\n\n```shell\npip3 install podman crowdstrike-falconpy retry\n```\n\n#### Important Podman Configuration Notes\n\n1. For ***rootless*** Podman, ensure the podman socket is running:\n\n   ```shell\n   systemctl --user start podman.socket\n   ```\n\n2. For ***rootful*** Podman, ensure the following:\n\n   ```shell\n   # The socket is running\n   systemctl start podman.socket\n   # Set the container host environment variable\n   export CONTAINER_HOST=\"unix:///var/run/podman/podman.sock\"\n   ```\n\n### Option 3: Complete Installation\n\nTo install support for both Docker and Podman:\n\n\u003e [!NOTE]\n\u003e If using Podman, follow the [Podman Configuration Notes](#important-podman-configuration-notes) above after installing the requirements.\n\n```shell\npip3 install -r requirements.txt\n```\n\n## Usage\n\n```shell\n$ python3 cs_scanimage.py --help\nusage: cs_scanimage.py [-h] -u CLIENT_ID -r REPO [-t TAG]\n                       [-c {us-1,us-2,eu-1,us-gov-1}] [-s SCORE]\n                       [--json-report REPORT]\n                       [--log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}]\n                       [-R RETRY_COUNT] [--plugin] [--user-agent USERAGENT]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --json-report REPORT  Export JSON report to specified file\n  --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}\n                        Set the logging level\n  --plugin              Prints the report as json to stdout\n  --user-agent USERAGENT\n                        HTTP User agent to use for API calls\n\nrequired arguments:\n  -u CLIENT_ID, --clientid CLIENT_ID\n                        Falcon OAuth2 API ClientID\n  -r REPO, --repo REPO  Container image repository\n  -t TAG, --tag TAG     Container image tag\n  -c {us-1,us-2,eu-1,us-gov-1}, --cloud-region {us-1,us-2,eu-1,us-gov-1}\n                        CrowdStrike cloud region\n  -s SCORE, --score_threshold SCORE\n                        Vulnerability score threshold\n  -R RETRY_COUNT, --retry_count RETRY_COUNT\n                        Scan report retry count\n```\n\n\u003e [!NOTE]\n\u003e CrowdStrike Falcon API credentials may be supplied also by the means of environment variables:\n\u003e\n\u003e `FALCON_CLIENT_ID`, `FALCON_CLIENT_SECRET`, and `FALCON_CLOUD_REGION`.\n\u003e\n\u003e Establishing and retrieving API credentials can be performed at \u003chttps://falcon.crowdstrike.com/support/api-clients-and-keys\u003e.\n\n## Example Scans\n\n### Example 1\n\n```shell\npython cs_scanimage.py --clientid FALCON_CLIENT_ID --repo \u003crepo\u003e --tag \u003ctag\u003e --cloud-region \u003ccloud_region\u003e\n\nplease enter password to login\nPassword:\n```\n\nThe command above will return output similar to:\n\n```shell\nINFO    Downloading Image Scan Report\nINFO    Searching for vulnerabilities in scan report...\nINFO    Searching for leaked secrets in scan report...\nINFO    Searching for malware in scan report...\nINFO    Searching for misconfigurations in scan report...\nWARNING Alert: Misconfiguration found\nINFO    Vulnerability score threshold not met: '0' out of '500'\n```\n\n### Example 2\n\nThe script provided was built to score vulnerabilities on a scale show below.\n\n```\ncritical_score = 2000\nhigh_score = 500\nmedium_score = 100\nlow_score = 20\n```\n\nThe default value to return a non-zero error code for vulnerabilties is one high vulnerabilty. This can be overridden by providing the `-s` parameters to the script.\n\nThe example below will accomodate vulnerabilities with a sum of 1500.\n\n```shell\npython cs_scanimage.py --clientid FALCON_CLIENT_ID --repo \u003crepo\u003e --tag \u003ctag\u003e \\\n    --cloud-region \u003ccloud_region\u003e -s 1500\n\n```\n\nThe `echo $?` command can be utilized to review the return code, e.g:\n\n```shell\necho $?\n1\n```\n\nThe `echo $?` above displays the returned code with the following mappings:\n\n```shell\nVulnerabilityScoreExceeded = 1\nMalware = 2\nSecrets = 3\nSuccess = 0\nMisconfig = 0\nScriptFailure = 10\n```\n\n## Running the Scan using CICD\n\n- You can use the [container-image-scan](https://github.com/marketplace/actions/crowdstrike-container-image-scan) GitHub Action in your GitHub workflows. Checkout the action at [https://github.com/marketplace/actions/crowdstrike-container-image-scan](https://github.com/marketplace/actions/crowdstrike-container-image-scan)\n\n- Pipeline examples, including the GitHub Action, can be found at the CrowdStrike [image-scan-example](https://github.com/CrowdStrike/image-scan-example) repository.\n\n## Using the `container-image-scan` Container\n\n```shell\nexport FALCON_CLIENT_ID=\u003cclient_id\u003e\nexport FALCON_CLIENT_SECRET=\u003cclient_secret\u003e\n\ndocker run -it --rm -e FALCON_CLIENT_ID -e FALCON_CLIENT_SECRET \\\n    -v /var/run/docker.sock:/var/run/docker.sock \\\n    quay.io/crowdstrike/container-image-scan:latest --repo \u003crepo\u003e --tag \u003ctag\u003e\n```\n\nYou can use any argument that is supported by the script. For example, to set the cloud region:\n\n```shell\ndocker run -it --rm -e FALCON_CLIENT_ID -e FALCON_CLIENT_SECRET \\\n    -v /var/run/docker.sock:/var/run/docker.sock \\\n    quay.io/crowdstrike/container-image-scan:latest --repo \u003crepo\u003e --tag \u003ctag\u003e -c us-2\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrowdstrike%2Fcontainer-image-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrowdstrike%2Fcontainer-image-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrowdstrike%2Fcontainer-image-scan/lists"}