{"id":18755716,"url":"https://github.com/okpalindrome/docker-multi-scan","last_synced_at":"2026-02-07T02:01:13.748Z","repository":{"id":255621335,"uuid":"852622558","full_name":"okpalindrome/docker-multi-scan","owner":"okpalindrome","description":"Security scan on Docker images using Grype, Trivy and Docker-Scout (.xlsx)  ","archived":false,"fork":false,"pushed_at":"2025-01-12T12:47:16.000Z","size":21,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-21T22:02:21.501Z","etag":null,"topics":["docker-image","docker-scout","grype","trivy-scan"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/okpalindrome.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-09-05T06:07:12.000Z","updated_at":"2025-01-12T12:47:19.000Z","dependencies_parsed_at":"2024-09-06T11:03:18.328Z","dependency_job_id":"abd87dee-6422-45e4-92b6-37f06c57d127","html_url":"https://github.com/okpalindrome/docker-multi-scan","commit_stats":null,"previous_names":["okpalindrome/docker-multi-scan"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/okpalindrome/docker-multi-scan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okpalindrome%2Fdocker-multi-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okpalindrome%2Fdocker-multi-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okpalindrome%2Fdocker-multi-scan/rel
eases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okpalindrome%2Fdocker-multi-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/okpalindrome","download_url":"https://codeload.github.com/okpalindrome/docker-multi-scan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/okpalindrome%2Fdocker-multi-scan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29184977,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T00:44:15.062Z","status":"online","status_checked_at":"2026-02-07T02:00:07.217Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","docker-scout","grype","trivy-scan"],"created_at":"2024-11-07T17:33:42.443Z","updated_at":"2026-02-07T02:01:13.732Z","avatar_url":"https://github.com/okpalindrome.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker-multi-scan\n\nA script to automate Docker image vulnerability scanning using open-source tools like `grype`, `trivy` and `docker-scout`. It filters the results down to the unique CVEs/git-vul-ids and stores them in `.xlsx` file format.\n\n#### Execution Process\n1. Get the image details from an input file\n2. Pull the image locally if it does not exist\n3. Scan using open-source tools and get json files for each\n4. 
Delete pulled image to save the system storage\n5. Repeat the process until all images from the input file are completed\n6. Parse the json output files from each tool\n7. Filter the unique results with details like CVE, Severity, Package, Installed Version, Fixed Versions and Source. \n8. Keep track of failed scans or command errors during the process inside the `Failed_cases.txt` file (only if failed).\n\n\n## Pre-requisites\n- Python3 and run `pip install xlsxwriter`\n- Start Docker (Desktop-GUI or daemon)\n- Log in to the private registry where the images are hosted, using `docker login \u003cregistry-url\u003e`\n- `grype`, `trivy` and `docker-scout` (logged-in using above command) - should be accessible.\n- Update respective tools DBs -\n  - `grype db update`\n  - `trivy` auto db update on the first scan.\n  - `docker-scout` real time comparison with multiple sources.\n\n\n## Run\n```\npython docker-multi-scan.py --help\nusage: docker-multi-scan.py [-h] --file FILE --output OUTPUT\n\nDocker image scan and result filtration\n\noptions:\n  -h, --help            show this help message and exit\n  --file FILE, -f FILE  Input file path containing the list of docker images\n  --output OUTPUT, -o OUTPUT\n                        Output directory path to save json file and excel file\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fokpalindrome%2Fdocker-multi-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fokpalindrome%2Fdocker-multi-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fokpalindrome%2Fdocker-multi-scan/lists"}