@@ -5,7 +5,108 @@ summary: >
55 We do try to keep a list of links to all integrations and other related websites that you may find useful.
66---
77
8- # Examples
8+ # Common scenarios & recipes
9+
10+ ## Scan local image, built using docker
11+
12+ ```
13+ #Build the image locally
14+ docker build -t <image-name> .
15+
16+ #Scan the image, available on local docker. Mounting docker socket is required
17+ docker run --rm \
18+ -v /var/run/docker.sock:/var/run/docker.sock \
19+ quay.io/sysdig/secure-inline-scan:2 \
20+ --sysdig-url <omitted> \
21+ --sysdig-token <omitted> \
22+ --storage-type docker-daemon \
23+ --storage-path /var/run/docker.sock \
24+ <image-name>
25+ ```
26+
27+ ## Local image (provided docker archive)
28+
29+ Assuming the image <image-name > is avaiable as an image tarball at ` image.tar ` .
30+
31+ For example, the command ` docker save <image-name> -o image.tar ` creates a tarball for <image-name >.
32+
33+ ```
34+ docker run --rm \
35+ -v ${PWD}/image.tar:/tmp/image.tar \
36+ quay.io/sysdig/secure-inline-scan:2 \
37+ --sysdig-url <omitted> \
38+ --sysdig-token <omitted> \
39+ --storage-type docker-archive \
40+ --storage-path /tmp/image.tar \
41+ <image-name>
42+ ```
43+
44+ ## Public registry image
45+
46+ Example: scan ` alpine ` image from public registry. The scanner will pull and scan it.
47+
48+ ```
49+ docker run --rm \
50+ quay.io/sysdig/secure-inline-scan:2 \
51+ --sysdig-url <omitted> \
52+ --sysdig-token <omitted> \
53+ alpine
54+ ```
55+
56+ ## Private registry image
57+
58+ To scan images from private registries, you might need to provide credentials:
59+
60+ ```
61+ docker run --rm \
62+ quay.io/sysdig/secure-inline-scan:2 \
63+ --sysdig-url <omitted> \
64+ --sysdig-token <omitted> \
65+ --registry-auth-basic <user:passw> \
66+ <image-name>
67+ ```
68+
69+ Authentication methods available are:
70+ * ` --registry-auth-basic ` for authenticating via http basic auth
71+ * ` --registry-auth-file ` for authenticating via docker/skopeo credentials file
72+ * ` --registry-auth-token ` for authenticating via registry token
73+
74+ ## Containers-storage (cri-o, podman, buildah and others)
75+
76+ Scan images from container runtimes using containers-storage format:
77+
78+ ```
79+ #Build an image using buildah from a Dockerfile
80+ buildah build-using-dockerfile -t myimage:latest
81+
82+ #Scan the image. Options '-u root' and '--privileged' might be needed depending
83+ #on the access permissions for /var/lib/containers
84+ docker run \
85+ -u root --privileged \
86+ -v /var/lib/containers:/var/lib/containers \
87+ quay.io/sysdig/secure-inline-scan:2 \
88+ --storage-type cri-o \
89+ --sysdig-token <omitted> \
90+ localhost/myimage:latest
91+ ```
92+
93+ Example for an image pulled with podman
94+
95+ ```
96+ podman pull docker.io/library/alpine
97+
98+ #Scan the image. Options '-u root' and '--privileged' might be needed depending
99+ #on the access permissions for /var/lib/containers
100+ docker run \
101+ -u root --privileged \
102+ -v /var/lib/containers:/var/lib/containers \
103+ quay.io/sysdig/secure-inline-scan:2 \
104+ --storage-type cri-o \
105+ --sysdig-token <omitted> \
106+ docker.io/library/alpine
107+ ```
108+
109+ # Other integrations and examples
9110
10111In this [ repository] ( https://github.com/sysdiglabs/secure-inline-scan-examples/ ) you can find the following examples in alphabetical order:
11112
0 commit comments