https://github.com/user-cont/colin
Tool to check generic rules/best-practices for containers/images/dockerfiles.
https://github.com/user-cont/colin
Last synced: 28 days ago
JSON representation
Tool to check generic rules/best-practices for containers/images/dockerfiles.
- Host: GitHub
- URL: https://github.com/user-cont/colin
- Owner: user-cont
- License: gpl-3.0
- Created: 2018-03-08T08:15:35.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2025-02-17T21:22:52.000Z (2 months ago)
- Last Synced: 2025-03-28T21:05:33.156Z (about 1 month ago)
- Language: Python
- Size: 6.38 MB
- Stars: 52
- Watchers: 7
- Forks: 27
- Open Issues: 21
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-repositories - user-cont/colin - Tool to check generic rules/best-practices for containers/images/dockerfiles. (Python)
README
# Colin




[](https://www.codacy.com/app/user-cont/colin?utm_source=github.com&utm_medium=referral&utm_content=user-cont/colin&utm_campaign=Badge_Grade)
[](https://ci.centos.org/job/user-cont-colin-master/)Tool to check generic rules and best-practices for container images and dockerfiles.
For more information, please check our [documentation on colin.readthedocs.io](https://colin.readthedocs.io/en/latest/).

# Features
- Validate a selected artifact against a ruleset.
- Artifacts can be container images and dockerfiles.
- We provide a default ruleset we believe every container image should satisfy.
- There is a ruleset to validate an artifact whether it complies to [Fedora Container Guidelines](https://fedoraproject.org/wiki/Container:Guidelines)
- Colin can list available rulesets and list checks in a ruleset.
- There is a python API available
- Colin can be integrated into your workflow easily - it can provide results in json format.## Installation
### Via `pip`
If you are on Fedora distribution, please install python3-pyxattr so you don't
have to compile it yourself when getting it from PyPI.```bash
$ pip3 install --user colin
````colin` is supported on python 3.6+ only.
### On Fedora distribution
colin is packaged in official Fedora repositories:
```
$ dnf install -y colin
```### Requirements
- For checking `image` target-type, you have to install [podman](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md). If you need to check local docker images, you need to prefix your images with `docker-daemon` (e.g. `colin check docker-daemon:docker.io/openshift/origin-web-console:v3.11`).
- If you want to use `oci` target, you need to install following tools:
- [umoci](https://github.com/opencontainers/umoci#install)
- [skopeo](https://github.com/containers/skopeo#skopeo-)## Usage
```
$ colin --help
Usage: colin [OPTIONS] COMMAND [ARGS]...COLIN -- Container Linter
Options:
-V, --version Show the version and exit.
-h, --help Show this message and exit.Commands:
check Check the image/dockerfile (default).
info Show info about colin and its dependencies.
list-checks Print the checks.
list-rulesets List available rulesets.
``````
$ colin check --help
Usage: colin check [OPTIONS] TARGETCheck the image/dockerfile (default).
Options:
-r, --ruleset TEXT Select a predefined ruleset (e.g. fedora).
-f, --ruleset-file FILENAME Path to a file to use for validation (by
default they are placed in
/usr/share/colin/rulesets).
--debug Enable debugging mode (debugging logs, full
tracebacks).
--json FILENAME File to save the output as json to.
--stat Print statistics instead of full results.
-s, --skip TEXT Name of the check to skip. (this option is
repeatable)
-t, --tag TEXT Filter checks with the tag.
-v, --verbose Verbose mode.
--checks-path DIRECTORY Path to directory containing checks (default
['/home/flachman/.local/lib/python3.7/site-
packages/colin/checks']).
--pull Pull the image from registry.
--target-type TEXT Type of selected target (one of image,
dockerfile, oci). For oci, please specify
image name and path like this: oci:path:image
--timeout INTEGER Timeout for each check in seconds.
(default=600)
--insecure Pull from an insecure registry (HTTP or invalid
TLS).
-h, --help Show this message and exit.
```Let's give it a shot:
```
$ colin -f ./rulesets/fedora.json registry.fedoraproject.org/f29/cockpit
PASS:Label 'architecture' has to be specified.
PASS:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
PASS:Label 'distribution-scope' has to be specified.
:
:
PASS:10 FAIL:8
```### Directly from git
It's possible to use colin directly from git:
```
$ git clone https://github.com/user-cont/colin.git
$ cd colin
```We can now run the analysis:
```
$ python3 -m colin.cli.colin -f ./rulesets/fedora.json registry.fedoraproject.org/f29/cockpit
PASS:Label 'architecture' has to be specified.
PASS:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
PASS:Label 'distribution-scope' has to be specified.
:
:
PASS:10 FAIL:8
```### Exit codes
Colin can exit with several codes:
- `0` --> OK
- `1` --> error in the execution
- `2` --> CLI error, wrong parameters
- `3` --> at least one check failed