{"id":13416365,"url":"https://github.com/genuinetools/reg","last_synced_at":"2025-05-14T06:12:44.363Z","repository":{"id":44676798,"uuid":"68786993","full_name":"genuinetools/reg","owner":"genuinetools","description":"Docker registry v2 command line client and repo listing generator with security checks.","archived":false,"fork":false,"pushed_at":"2024-06-25T15:08:50.000Z","size":32337,"stargazers_count":1658,"open_issues_count":60,"forks_count":171,"subscribers_count":34,"default_branch":"master","last_synced_at":"2024-10-29T15:27:35.554Z","etag":null,"topics":["cli","containers","docker","docker-registry","linux","opencontainers","vulnerability-reports"],"latest_commit_sha":null,"homepage":"https://r.j3ss.co","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/genuinetools.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-09-21T06:28:40.000Z","updated_at":"2024-10-27T19:25:27.000Z","dependencies_parsed_at":"2023-07-15T04:58:30.340Z","dependency_job_id":"28ed6c44-3e9c-4906-adbe-f9df2382fefb","html_url":"https://github.com/genuinetools/reg","commit_stats":{"total_commits":381,"total_committers":50,"mean_commits":7.62,"dds":0.5774278215223096,"last_synced_commit":"efad427c695e7fff11825ccb61ebd964d9e47643"},"previous_names":["jessfraz/reg"],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Freg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Freg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Freg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Freg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/genuinetools","download_url":"https://codeload.github.com/genuinetools/reg/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254080698,"owners_count":22011478,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","containers","docker","docker-registry","linux","opencontainers","vulnerability-reports"],"created_at":"2024-07-30T21:00:57.713Z","updated_at":"2025-05-14T06:12:44.276Z","avatar_url":"https://github.com/genuinetools.png","language":"Go","readme":"# reg\n\n[![make-all](https://github.com/genuinetools/reg/workflows/make%20all/badge.svg)](https://github.com/genuinetools/reg/actions?query=workflow%3A%22make+all%22)\n[![make-image](https://github.com/genuinetools/reg/workflows/make%20image/badge.svg)](https://github.com/genuinetools/reg/actions?query=workflow%3A%22make+image%22)\n[![make-test](https://github.com/genuinetools/reg/workflows/make%20test/badge.svg)](https://github.com/genuinetools/reg/actions?query=workflow%3A%22make+test%22)\n[![GoDoc](https://img.shields.io/badge/godoc-reference-5272B4.svg?style=for-the-badge)](https://godoc.org/github.com/genuinetools/reg)\n[![Github All Releases](https://img.shields.io/github/downloads/genuinetools/reg/total.svg?style=for-the-badge)](https://github.com/genuinetools/reg/releases)\n\nDocker registry v2 command line client and repo listing generator with security checks.\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n**Table of Contents**\n\n- [Installation](#installation)\n    - [Binaries](#binaries)\n    - [Via Go](#via-go)\n- [Usage](#usage)\n  - [Auth](#auth)\n  - [List Repositories and Tags](#list-repositories-and-tags)\n  - [Get a Manifest](#get-a-manifest)\n  - [Get the Digest](#get-the-digest)\n  - [Download a Layer](#download-a-layer)\n  - [Delete an Image](#delete-an-image)\n  - [Vulnerability Reports](#vulnerability-reports)\n  - [Generating Static Website for a Registry](#generating-static-website-for-a-registry)\n  - [Using Self-Signed Certs with a Registry](#using-self-signed-certs-with-a-registry)\n- [Contributing](#contributing)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Installation\n\n#### Binaries\n\nFor installation instructions from binaries please visit the [Releases Page](https://github.com/genuinetools/reg/releases).\n\n#### Via Go\n\n```console\n$ go get github.com/genuinetools/reg\n```\n\n## Usage\n\n```console\n$ reg -h\nreg -  Docker registry v2 client.\n\nUsage: reg \u003ccommand\u003e\n\nFlags:\n\n  --auth-url           alternate URL for registry authentication (ex. auth.docker.io) (default: \u003cnone\u003e)\n  -d                   enable debug logging (default: false)\n  -f, --force-non-ssl  force allow use of non-ssl (default: false)\n  -k, --insecure       do not verify tls certificates (default: false)\n  -p, --password       password for the registry (default: \u003cnone\u003e)\n  --skip-ping          skip pinging the registry while establishing connection (default: false)\n  --timeout            timeout for HTTP requests (default: 1m0s)\n  -u, --username       username for the registry (default: \u003cnone\u003e)\n\nCommands:\n\n  digest    Get the digest for a repository.\n  layer     Download a layer for a repository.\n  ls        List all repositories.\n  manifest  Get the json manifest for a repository.\n  rm        Delete a specific reference of a repository.\n  server    Run a static UI server for a registry.\n  tags      Get the tags for a repository.\n  vulns     Get a vulnerability report for a repository from a CoreOS Clair server.\n  version   Show the version information.\n```\n\n**NOTE:** Be aware that `reg ls` doesn't work with `hub.docker.com` as it has a different API than the [OSS Docker Registry](https://github.com/docker/distribution).\n\n### Auth\n\n`reg` will automatically try to parse your docker config credentials, but if\nnot present, you can pass through flags directly.\n\n### List Repositories and Tags\n\n**Repositories**\n\n```console\n# this command might take a while if you have hundreds of images like I do\n$ reg ls r.j3ss.co\nRepositories for r.j3ss.co\nREPO                  TAGS\nawscli                latest\nbeeswithmachineguns   latest\ncamlistore            latest\nchrome                beta, latest, stable\n...\n```\n\n**Tags**\n\n```console\n$ reg tags r.j3ss.co/tor-browser\nalpha\nhardened\nlatest\nstable\n\n# or for an offical image\n$ reg tags debian\n6\n6.0\n6.0.10\n6.0.8\n6.0.9\n7\n7-slim\n7.10\n7.11\n7.11-slim\n...\n```\n\n### Get a Manifest\n\n```console\n$ reg manifest r.j3ss.co/htop\n{\n   \"schemaVersion\": 1,\n   \"name\": \"htop\",\n   \"tag\": \"latest\",\n   \"architecture\": \"amd64\",\n   \"fsLayers\": [\n     {\n       \"blobSum\": \"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4\"\n     },\n     ....\n   ],\n   \"history\": [\n     ....\n   ]\n }\n```\n\n### Get the Digest\n```console\n$ reg digest r.j3ss.co/htop\nsha256:791158756cc0f5b27ef8c5c546284568fc9b7f4cf1429fb736aff3ee2d2e340f\n```\n\n### Download a Layer\n\n```console\n$ reg layer -o r.j3ss.co/chrome@sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4\nOR\n$ reg layer r.j3ss.co/chrome@sha256:a3ed95caeb0.. \u003e layer.tar\n```\n\n\n### Delete an Image\n\n```console\n$ reg rm r.j3ss.co/chrome@sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4\nDeleted chrome@sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4\n```\n\n### Vulnerability Reports\n\n```console\n$ reg vulns --clair https://clair.j3ss.co r.j3ss.co/chrome\nFound 32 vulnerabilities\nCVE-2015-5180: [Low]\n\nhttps://security-tracker.debian.org/tracker/CVE-2015-5180\n-----------------------------------------\nCVE-2016-9401: [Low]\npopd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.\nhttps://security-tracker.debian.org/tracker/CVE-2016-9401\n-----------------------------------------\nCVE-2016-3189: [Low]\nUse-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.\nhttps://security-tracker.debian.org/tracker/CVE-2016-3189\n-----------------------------------------\nCVE-2011-3389: [Medium]\nThe SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.\nhttps://security-tracker.debian.org/tracker/CVE-2011-3389\n-----------------------------------------\nCVE-2016-5318: [Medium]\nStack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.\nhttps://security-tracker.debian.org/tracker/CVE-2016-5318\n-----------------------------------------\nCVE-2016-9318: [Medium]\nlibxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.\nhttps://security-tracker.debian.org/tracker/CVE-2016-9318\n-----------------------------------------\nCVE-2015-7554: [High]\nThe _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.\nhttps://security-tracker.debian.org/tracker/CVE-2015-7554\n-----------------------------------------\nUnknown: 2\nNegligible: 23\nLow: 3\nMedium: 3\nHigh: 1\n```\n\n### Generating Static Website for a Registry\n\n`reg` bundles a HTTP server that periodically generates a static website\nwith a list of registry images and serves it to the web.\n\nIt will run vulnerability scanning if you\nhave a [CoreOS Clair](https://github.com/coreos/clair) server set up\nand pass the url with the `--clair` flag.\n\nIt is possible to run `reg server` just as a one time static generator.\n`--once` flag makes the `server` command exit after it builds the HTML listing.\n\nThere is a demo at [r.j3ss.co](https://r.j3ss.co).\n\n**Usage:**\n\n```console\n$ reg server -h\nUsage: reg server [OPTIONS]\n\nRun a static UI server for a registry.\n\nFlags:\n\n  -u, --username       username for the registry (default: \u003cnone\u003e)\n  --listen-address     address to listen on (default: \u003cnone\u003e)\n  --asset-path         Path to assets and templates (default: \u003cnone\u003e)\n  -f, --force-non-ssl  force allow use of non-ssl (default: false)\n  --once               generate the templates once and then exit (default: false)\n  --skip-ping          skip pinging the registry while establishing connection (default: false)\n  --timeout            timeout for HTTP requests (default: 1m0s)\n  --cert               path to ssl cert (default: \u003cnone\u003e)\n  -d                   enable debug logging (default: false)\n  --key                path to ssl key (default: \u003cnone\u003e)\n  --port               port for server to run on (default: 8080)\n  -r, --registry       URL to the private registry (ex. r.j3ss.co) (default: \u003cnone\u003e)\n  --clair              url to clair instance (default: \u003cnone\u003e)\n  -k, --insecure       do not verify tls certificates (default: false)\n  --interval           interval to generate new index.html's at (default: 1h0m0s)\n  -p, --password       password for the registry (default: \u003cnone\u003e)\n```\n\n**Screenshots:**\n\n![home.png](server/home.png)\n\n![vuln.png](server/vuln.png)\n\n### Using Self-Signed Certs with a Registry\n\nWe do not allow users to pass all the custom certificate flags on commands\nbecause it is unnecessarily messy and can be handled through Linux itself.\nWhich we believe is a better user experience than having to pass three\ndifferent flags just to communicate with a registry using self-signed or\nprivate certificates.\n\nBelow are instructions on adding a self-signed or private certificate to your\ntrusted ca-certificates on Linux.\n\nMake sure you have the package `ca-certificates` installed.\n\nCopy the public half of your CA certificate (the one used to sign the CSR) into\nthe CA certificate directory (as root):\n\n```console\n$ cp cacert.pem /usr/share/ca-certificates\n```\n\n## Contributing\n\nIf you plan on contributing you should be able to run the tests locally. The\ntests run for CI via docker-in-docker. But running locally with `go test`, you\nneed to make one modification to your docker daemon config so that you can talk\nto the local registry for the tests.\n\nAdd the flag `--insecure-registry localhost:5000` to your docker daemon,\ndocumented [here](https://docs.docker.com/registry/insecure/) for testing\nagainst an insecure registry.\n\n**OR** \n\nRun `make dind dtest` to avoid having to change your local docker config and\nto run the tests as docker-in-docker.\n","funding_links":[],"categories":["Container Operations","Misc","Go","opencontainers"],"sub_categories":["User Interface"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgenuinetools%2Freg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgenuinetools%2Freg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgenuinetools%2Freg/lists"}