https://github.com/tembleking/sysdig-cli-scanner-nix
https://github.com/tembleking/sysdig-cli-scanner-nix
Last synced: over 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/tembleking/sysdig-cli-scanner-nix
- Owner: tembleking
- Created: 2024-07-24T19:51:22.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2025-03-25T01:55:06.000Z (over 1 year ago)
- Last Synced: 2025-03-25T02:38:35.432Z (over 1 year ago)
- Language: Nix
- Size: 20.5 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Sysdig CLI Scanner Nix Flake
This repository provides a Nix flake for managing [Sysdig's sysdig-cli-scanner](https://docs.sysdig.com/en/docs/installation/sysdig-secure/#vulnerability-pipeline-scanning) on Nix-based systems.
The `sysdig-cli-scanner` is a versatile tool used for scanning container images and directories, whether they are located locally or remotely. It supports both Vulnerability Management (VM) mode for image scanning and Infrastructure as Code (IaC) mode for scanning directories.
## Installation
To install the sysdig-cli-scanner package using this flake:
### In non-NixOS systems
Use Nix to install the package in your profile:
```sh
nix profile install github:tembleking/sysdig-cli-scanner-nix#sysdig-cli-scanner
````
### In NixOS systems
Add this flake as an input in your `flake.nix`:
```nix
{
inputs = {
sysdig-cli-scanner = {
url = "github:tembleking/sysdig-cli-scanner-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
}
```
Add the overlay and the package to your `configuration.nix`:
```nix
{
config,
pkgs,
...
}@ inputs: {
nixpkgs.overlays = [ inputs.sysdig-cli-scanner.overlays.default ];
environment.systemPackages = [
sysdig-cli-scanner
];
}
```
## Running the scanner
You can run sysdig-cli-scanner to scan images or IaC resources:
### For VM mode (Image Scanning)
```sh
SECURE_API_TOKEN= sysdig-cli-scanner --apiurl
```
### For IaC mode (Directory Scanning)
```sh
SECURE_API_TOKEN= sysdig-cli-scanner --iac --apiurl
```
## Documentation
For other usage examples, refer to the [official Sysdig CLI Scanner documentation](https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner/).