Evaluate tools for introspecting container images
The syft tool supports generating a SBOM for a container image and has support for Python packages. We should check to see if we can leverage this to support container images in pip-audit.
cc: @di
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (5 by maintainers)
Top GitHub Comments
A further note in terms of reimplementing: Docker’s Python SDK is pretty well-featured, and includes a low-level API that might be able to do the kind of image introspection we need.
Edit: It looks like Tern uses the Docker Python SDK:
https://github.com/tern-tools/tern/blob/87e7cdd154bc3cad98db1174b192ab9592adcffb/tern/analyze/default/container/multi_layer.py#L85-L120
https://github.com/tern-tools/tern/blob/87e7cdd154bc3cad98db1174b192ab9592adcffb/tern/analyze/default/container/image.py
Yeah, I believe Docker’s Python SDK can’t really do anything without connecting to a Docker daemon. So if we don’t want to assume the presence of Docker, we probably can’t directly dupe or reuse their approach.
I’ll do some additional searching for something that looks like stereoscope, but in Python. It might also be possible to write a native Python extension that adapts stereoscope directly, although I’m not familiar with what that looks like with Go (I’ve done it for Rust and C/C++ and I’ve used Go extensions, but never written the latter).
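
The daemon-free approach discussed in the comments above, as an added example that is not part of the issue thread or pip-audit's code: it reads a `docker save`-style archive with only the standard library, applies layer whiteouts, and lists the Python distributions visible in the final filesystem. It assumes the archive has a top-level `manifest.json` with a `Layers` list; the function names and the sample image are constructed for illustration.

```python
import email, io, json, posixpath, tarfile

def installed_distributions(image_tar: bytes) -> list[tuple[str, str]]:
    """List (name, version) from *.dist-info/METADATA in the merged layers."""
    found = {}  # METADATA path -> bytes, as visible in the final filesystem
    with tarfile.open(fileobj=io.BytesIO(image_tar)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_path in manifest[0]["Layers"]:  # ordered base layer first
            blob = image.extractfile(layer_path).read()
            with tarfile.open(fileobj=io.BytesIO(blob)) as layer:
                entries = [(posixpath.normpath(m.name), m) for m in layer.getmembers()]
                # Whiteouts hide lower-layer paths; apply them before this layer's files.
                for path, _ in entries:
                    parent, base = posixpath.split(path)
                    if base.startswith(".wh."):
                        gone = parent if base == ".wh..wh..opq" else posixpath.join(parent, base[4:])
                        for p in [p for p in found if p == gone or p.startswith(gone + "/")]:
                            del found[p]
                for path, m in entries:
                    if m.isfile() and path.endswith(".dist-info/METADATA"):
                        found[path] = layer.extractfile(m).read()
    metas = (email.message_from_bytes(data) for data in found.values())
    return sorted({(m["Name"], m["Version"]) for m in metas})

def _tar(files: dict[str, bytes]) -> bytes:
    """Build an in-memory tar archive from {path: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def sample_image() -> bytes:
    """Constructed two-layer image: layer 2 removes flask 0.5 and installs 2.3.2."""
    sp = "usr/lib/python3/site-packages/"
    base = _tar({sp + "flask-0.5.dist-info/METADATA": b"Name: flask\nVersion: 0.5\n",
                 sp + "six-1.16.0.dist-info/METADATA": b"Name: six\nVersion: 1.16.0\n"})
    upgrade = _tar({sp + ".wh.flask-0.5.dist-info": b"",
                    sp + "flask-2.3.2.dist-info/METADATA": b"Name: flask\nVersion: 2.3.2\n"})
    manifest = json.dumps([{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return _tar({"manifest.json": manifest, "l1/layer.tar": base, "l2/layer.tar": upgrade})

if __name__ == "__main__":
    print(installed_distributions(sample_image()))
```

Skipping the whiteout pass would report the removed flask 0.5 alongside 2.3.2, which is the kind of false positive an auditor reading raw layers has to avoid.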