{"id":16280878,"url":"https://github.com/joelee2012/claircli","last_synced_at":"2025-03-20T01:33:41.264Z","repository":{"id":50235849,"uuid":"168813033","full_name":"joelee2012/claircli","owner":"joelee2012","description":"Command line tool to interact with Quay Clair","archived":false,"fork":false,"pushed_at":"2022-11-22T08:42:26.000Z","size":64,"stargazers_count":16,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-17T21:23:31.602Z","etag":null,"topics":["clair","docker","image-scanning","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/joelee2012.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-02-02T08:54:01.000Z","updated_at":"2022-04-28T07:24:35.000Z","dependencies_parsed_at":"2023-01-22T07:02:41.481Z","dependency_job_id":null,"html_url":"https://github.com/joelee2012/claircli","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joelee2012%2Fclaircli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joelee2012%2Fclaircli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joelee2012%2Fclaircli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joelee2012%2Fclaircli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/joelee2012","download_url":"https://codeload.github.com/joelee2012/claircli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221733321,"owners_count":16871848,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clair","docker","image-scanning","vulnerability-scanners"],"created_at":"2024-10-10T19:02:56.560Z","updated_at":"2024-10-27T21:06:49.658Z","avatar_url":"https://github.com/joelee2012.png","language":"Python","readme":"[![Tests](https://github.com/joelee2012/claircli/actions/workflows/tests.yml/badge.svg?branch=master)](https://github.com/joelee2012/claircli/actions/workflows/tests.yml)\n[![CodeQL](https://github.com/joelee2012/claircli/actions/workflows/codeql.yml/badge.svg?branch=master)](https://github.com/joelee2012/claircli/actions/workflows/codeql.yml)\n[![Coverage Status](https://coveralls.io/repos/github/joelee2012/claircli/badge.svg?branch=master)](https://coveralls.io/github/joelee2012/claircli?branch=master)\n![PyPI](https://img.shields.io/pypi/v/claircli)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/claircli)\n![PyPI - Wheel](https://img.shields.io/pypi/wheel/claircli)\n![GitHub](https://img.shields.io/github/license/joelee2012/claircli)\n\n# claircli\n## claircli is a command line tool to interact with [Quay Clair](https://github.com/quay/clair), which has following functionalities:\n- analyze docker images in local host\n- analyze docker images in remote host\n- analyze docker images in secure/insecure registry\n- support threshold/whitelist for vulnerabilities\n- support fat manifests\n- report to HTML/JSON, the html report is based on [template](https://github.com/jgsqware/clairctl/blob/master/clair/templates/analysis-template.html)\n\n# Installation\n\n```bash\npython3 -m pip install claircli\n```\n\n# Commands\n\n```\nclaircli -h\nusage: claircli [-h] [-c CLAIR] [-f {html,json}] [-T THRESHOLD]\n [-w WHITE_LIST] [-l LOCAL_IP | -r] [-i REGISTRY] [-L LOG_FILE]\n [-d] [-V]\n IMAGE [IMAGE ...]\n\nCommand line tool to interact with Quay Clair to analyze docker image in different ways\n\npositional arguments:\n IMAGE docker images or regular expression\n\noptional arguments:\n -h, --help show this help message and exit\n -c CLAIR, --clair CLAIR\n clair url, default: http://localhost:6060\n -f {html,json}, --formats {html,json}\n output report file with give format, default: ['html']\n -T THRESHOLD, --threshold THRESHOLD\n cvd severity threshold, if any servity of\n vulnerability above of threshold, will return non-\n zero, default: Unknown, choices are: ['Defcon1',\n 'Critical', 'High', 'Medium', 'Low', 'Negligible',\n 'Unknown']\n -w WHITE_LIST, --white-list WHITE_LIST\n path to the whitelist file\n -l LOCAL_IP, --local-ip LOCAL_IP\n ip address of local host\n -r, --regex if set, repository and tag of images will be treated\n as regular expression\n -i REGISTRY, --insecure-registry REGISTRY\n domain of insecure registry\n -k REGISTRY:TOKEN, --registry-token REGISTRY:TOKEN\n uses the token for login to the given Docker registry\n -L LOG_FILE, --log-file LOG_FILE\n save log to file\n -d, --debug print more logs\n -V, --version show program's version number and exit\n\nExamples:\n\n # analyze and output report to html\n # clair is running at http://localhost:6060\n claircli example.reg.com/myimage1:latest example.reg.com/myimage2:latest\n\n # analyze image in insecure registry\n # clair is running at http://localhost:6060\n claircli -i example.reg.com example.reg.com/myimage1:latest\n\n # analyze and output report to html\n # clair is running at https://example.clair.com:6060\n claircli -c https://example.clair.com:6060 example.reg.com/myimage1:latest\n\n # analyze and output report to html, json\n claircli -f html -f json example.reg.com/myimage1:latest\n\n # analyze with threshold and white list\n claircli -t High -w white_list_file.yml example.reg.com/myimage1:latest\n\n # analyze image on local host\n claircli -l \u003clocal ip address\u003e myimage1:latest myimage2:latest\n\n # analyze image on other host foo\n export DOCKER_HOST=tcp://\u003cip of foo\u003e:\u003cport of docker listen\u003e\n claircli -l \u003clocal ip address\u003e myimage1:latest\n\n # analyze with regular expression, following will match\n # example.reg.com/myimage1:latest\n # and example.reg.com/myimage2:latest\n claircli -r example.reg.com/myimage:latest\n\n # analyze with regular expression, following will match\n # example.reg.com/myimage1:latest only\n claircli -r example.reg.com/^myimage1$:^latest$\n\n # analyze an image stored in an Amazon ECR repository\n # This uses the registry token generated by the aws cli tool\n claircli -k 123456789012.dkr.ecr.us-east-1.amazonaws.com:$( aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' ) 123456789012.dkr.ecr.us-east-1.amazonaws.com/myimage:latest\n```\n\n## Optional whitelist yaml file\n\nThis is an example yaml file. You can have an empty file or a mix with only `common` or `\u003cdistribution\u003e`.\n\n```yaml\ncommon:\n CVE-2017-6055: XML\n CVE-2017-5586: OpenText\nubuntu:\n CVE-2017-5230: XSX\n CVE-2017-5586: OpenText\nalpine:\n CVE-2017-3261: SE\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoelee2012%2Fclaircli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoelee2012%2Fclaircli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoelee2012%2Fclaircli/lists"}