https://github.com/anchore/ecs-inventory

Anchore ECS Inventory can poll ECS Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-use
https://github.com/anchore/ecs-inventory

Last synced: 3 days ago
JSON representation

Anchore ECS Inventory can poll ECS Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-use

• Host: GitHub
• URL: https://github.com/anchore/ecs-inventory
• Owner: anchore
• License: apache-2.0
• Created: 2022-12-14T19:39:28.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-10-27T09:08:43.000Z (17 days ago)
• Last Synced: 2024-10-27T10:20:14.707Z (17 days ago)
• Language: Go
• Homepage:
• Size: 602 KB
• Stars: 6
• Watchers: 10
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

        
# Anchore ECS Inventory

`anchore-ecs-inventory` is a tool to gather an inventory of images in use by

Amazon Elastic Container Service (ECS).

## Usage

`anchore-ecs-inventory` is a command line tool. It can be run with the following

command:

```

$ anchore-ecs-inventory can poll Amazon ECS (Elastic Container Service) APIs to tell Anchore which Images are currently in-use

Usage:

  anchore-ecs-inventory [flags]

  anchore-ecs-inventory [command]

Available Commands:

  completion  Generate Completion script

  help        Help about any command

  version     show the version

Flags:

  -c, --config string                     application config file

  -d, --dry-run                           do not report inventory to Anchore

  -h, --help                              help for anchore-ecs-inventory

  -p, --polling-interval-seconds string   this specifies the polling interval of the ECS API in seconds (default "300")

  -q, --quiet                             suppresses inventory report output to stdout

  -r, --region string                     if set overrides the AWS_REGION environment variable/region specified in anchore-ecs-inventory config

  -v, --verbose count                     increase verbosity (-v = info, -vv = debug)

Use "anchore-ecs-inventory [command] --help" for more information about a command. 

```

## Configuration

`anchore-ecs-inventory` needs to be configured with AWS credentials and Anchore

ECS Inventory configuration.

### AWS Credentials

Anchore ECS Inventory uses the AWS SDK for Go. The SDK will look for credentials

in the following order:

1. Environment variables

2. Shared credentials file (~/.aws/credentials)

   ```

   [default]

   aws_access_key_id = 

   aws_secret_access_key = 

   ```

### Anchore ECS Inventory Configuration

Anchore ECS Inventory can be configured with a configuration file. The default

location the configuration file is looked for is

`~/.anchore-ecs-inventory.yaml`. The configuration file can be overridden

with the `-c` flag.

```yaml

log:

  # level of logging that anchore-ecs-inventory will do  { 'error' | 'info' | 'debug }

  level: "info"

  

  # location to write the log file (default is not to have a log file)

  file: "./anchore-ecs-inventory.log"

anchore:

  # anchore enterprise api url  (e.g. http://localhost:8228)

  url: $ANCHORE_ECS_INVENTORY_ANCHORE_URL

  

  # anchore enterprise username

  user: $ANCHORE_ECS_INVENTORY_ANCHORE_USER 

  

  # anchore enterprise password

  password: ANCHORE_ECS_INVENTORY_ANCHORE_PASSWORD

  

  # anchore enterprise account that the inventory will be sent

  account: $ANCHORE_ECS_INVENTORY_ANCHORE_ACCOUNT

  

  http:

    insecure: true

    timeout-seconds: 10

# the aws region

region: $ANCHORE_ECS_INVENTORY_REGION

# frequency of which to poll the region

polling-interval-seconds: 300

quiet: false

```

You can also override any configuration value with environment variables. They

must be prefixed with `ANCHORE_ECS_INVENTORY_` and be in all caps. For example,

`ANCHORE_ECS_INVENTORY_LOG_LEVEL=error` would override the `log.level`

configuration

## Releasing

To create a release of `anchore-ecs-inventory`, a tag needs to be created that points to a commit in `main`

that we want to release. This tag shall be a semver prefixed with a `v`, e.g. `v0.2.7`.

Once pushed to origin, this will trigger a GitHub Action that will create the release.

```sh

git tag -s -a v0.2.7 -m "v0.2.7"

git push origin v0.2.7

```

After the release has been successfully created, make sure to specify the updated version

in the `ecs-inventory` Helm Chart in [anchore-charts](https://github.com/anchore/anchore-charts). 

The files to edit are `Chart.yaml` and `values.yaml`.