{"id":35423040,"url":"https://github.com/csmith/purser","last_synced_at":"2026-02-12T22:11:56.687Z","repository":{"id":331256443,"uuid":"1125925566","full_name":"csmith/purser","owner":"csmith","description":"Automatic vulnerability scans of all container images used on a host","archived":false,"fork":false,"pushed_at":"2026-02-03T23:33:53.000Z","size":94,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-02-04T11:49:57.409Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/csmith.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-31T16:51:59.000Z","updated_at":"2026-02-03T23:33:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/csmith/purser","commit_stats":null,"previous_names":["csmith/purser"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/csmith/purser","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/csmith%2Fpurser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/csmith%2Fpurser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/csmith%2Fpurser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/csmith%2Fpurser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/csmith","download_url":"https://codeload.github.com/csmith/purser/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/csmith%2Fpurser/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29383121,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T22:07:52.078Z","status":"ssl_error","status_checked_at":"2026-02-12T22:07:49.026Z","response_time":55,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-02T17:14:34.733Z","updated_at":"2026-02-12T22:11:56.683Z","avatar_url":"https://github.com/csmith.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Purser\n\nPurser runs periodic vulnerability scans on all container images that are in\nuse on a host. It lists running containers via the Docker API, then scans\neach distinct image using [Trivy](https://trivy.dev/). Aggregated details\nare then written to a HTML report.\n\n## Usage\n\nPurser is designed to run as a container itself. It requires a directory\nin which to cache vulnerability database files, access to the host's docker\nsocket (for listing containers and reading images), and a directory to output\nthe reports.\n\nA simple docker compose file is below.\n\n```yaml\nservices:\n  purser:\n    image: ghcr.io/csmith/purser\n    restart: unless-stopped\n    user: '0' # or some other uid with access to the docker socket\n    volumes:\n      - cache:/data/cache\n      - output:/data/output\n      - /var/run/docker.sock:/var/run/docker.sock\n\nvolumes:\n  cache:\n  output:\n```\n\nIn production enviroments you may want to use a proxy like\n[dsp](https://github.com/greboid/dsp) to limit purser to\nread-only requests, and allow it to run as a regular user.\n\n## Options\n\nPurser options should be specified as environment vars. The following options\nare available:\n\n| Option      | Description                                             | Default                                              |\n|-------------|---------------------------------------------------------|------------------------------------------------------|\n| SCAN_PERIOD | How often to scan containers for vulnerabilities        | `12h`                                                |\n| OUTPUT_DIR  | Directory to write reports to                           | `/data/output/` (docker) `.data/output/` (otherwise) |\n| CACHE_DIR   | Directory to cache vulnerability databases in           | `/data/cache/` (docker) `.data/cache/` (otherwise)   |\n| SWARM       | Whether to try and scan all images used in Docker Swarm | `false`                                              |\n| LOG_LEVEL   | Minimum log level to output                             | `INFO`                                               |\n| LOG_FORMAT  | Format of log output (`TEXT` or `JSON`)                 | `TEXT`                                               |\n| DOCKER_HOST | URL to access the Docker API                            | `-`                                                  |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcsmith%2Fpurser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcsmith%2Fpurser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcsmith%2Fpurser/lists"}