{"id":20658076,"url":"https://github.com/deepfence/package-scanner","last_synced_at":"2025-08-20T08:33:10.711Z","repository":{"id":37429190,"uuid":"458131376","full_name":"deepfence/package-scanner","owner":"deepfence","description":null,"archived":false,"fork":false,"pushed_at":"2024-12-04T11:15:48.000Z","size":621,"stargazers_count":41,"open_issues_count":0,"forks_count":5,"subscribers_count":3,"default_branch":"release-2.5","last_synced_at":"2024-12-12T05:22:11.814Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deepfence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-11T09:58:26.000Z","updated_at":"2024-11-12T11:38:54.000Z","dependencies_parsed_at":"2023-10-30T09:26:30.856Z","dependency_job_id":"a1e0fd99-55e5-42fa-abe7-14c46e36c848","html_url":"https://github.com/deepfence/package-scanner","commit_stats":null,"previous_names":["deepfence/deepfence-package-scanner","deepfence/vulnerability-sbom-plugin"],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Fpackage-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Fpackage-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Fpackage-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Fpackage-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deepfence","download_url":"https://codeload.github.com/deepfence/package-scanner/tar.gz/refs/heads/release-2.5","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230408171,"owners_count":18220974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T18:24:40.734Z","updated_at":"2025-08-20T08:33:10.700Z","avatar_url":"https://github.com/deepfence.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Package Scanner\n\nScan for vulnerabilities in your docker image or a directory\n\n## Download\n\nEvery [release](https://github.com/deepfence/package-scanner/releases) of package scanner provides binary releases for a variety of OSes. These binary versions can be manually downloaded and installed.\n\n1. Go to the [releases](https://github.com/deepfence/package-scanner/releases) page and download the native client package based on your OS and CPU architecture.\n2. Unpack it\n    ```shell\n   tar -zxvf package-scanner_Linux_x86_64.tar\n    ```\n\n## Usage\n\nRun this command to generate a license key. Work/official email id has to be used.\n```shell\ncurl https://license.deepfence.io/threatmapper/generate-license?first_name=\u003cFIRST_NAME\u003e\u0026last_name=\u003cLAST_NAME\u003e\u0026email=\u003cEMAIL\u003e\u0026company=\u003cORGANIZATION_NAME\u003e\u0026resend_email=true\n```\n\n### Image scan\nSet product and licence key to download the vulnerability database needed for the scan \n\n```shell\ndocker pull longhornio/csi-snapshotter:v6.2.1\nexport DEEPFENCE_PRODUCT=\u003cThreatMapper or ThreatStryker\u003e\nexport DEEPFENCE_LICENSE=\u003cThreatMapper or ThreatStryker license key\u003e\n./package-scanner -source longhornio/csi-snapshotter:v6.2.1 -container-runtime docker\n\ndocker pull nginx:latest\nexport DEEPFENCE_PRODUCT=\u003cThreatMapper or ThreatStryker\u003e\nexport DEEPFENCE_LICENSE=\u003cThreatMapper or ThreatStryker license key\u003e\n./package-scanner -source nginx:latest -severity critical\n```\n\n### Directory scan\n```shell\nexport DEEPFENCE_PRODUCT=\u003cThreatMapper or ThreatStryker\u003e\nexport DEEPFENCE_LICENSE=\u003cThreatMapper or ThreatStryker license key\u003e\n./package-scanner --source dir:\u003cdirectory full path\u003e\n```\n\n## Build\n1. make tools\n2. make cli\n3. This will generate `package-scanner` binary in the current directory\n\n## Build docker image\n1. make docker-cli\n2. docker images should show new image with name quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.7\n```\n$ docker images\nREPOSITORY                                          TAG       IMAGE ID       CREATED             SIZE\nquay.io/deepfenceio/deepfence_package_scanner_cli   2.5.7     e06fb1cd3868   About an hour ago   569MB\nnginx                                               latest    1403e55ab369   8 days ago          142MB\n```\n\n## Docker image standalone usage example\n```\ndocker pull nginx:latest\ndocker run -it --rm -e DEEPFENCE_PRODUCT=\u003cThreatMapper or ThreatStryker\u003e -e DEEPFENCE_LICENSE=\u003cThreatMapper or ThreatStryker license key\u003e -v /var/run/docker.sock:/var/run/docker.sock --name package-scanner quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.7 -source nginx:latest\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2Fpackage-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeepfence%2Fpackage-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2Fpackage-scanner/lists"}