Definitely not to the docker socket. This would be a huge security
issue and would hard code us to docker containers.
I would prefer to drop a JSON file into the directory with content
describing the container.
On 01/13/2017 09:53 AM, Brent Baude wrote:
> I believe the intended image is mounted by its UUID. One idea would be
> to share the docker socket with you scan container and then do a quick
> translation of the UUID to image name using the docker-py API.
> One issue with this approach is you get yourself in a bind (in some
> cases) with determining the image name. Meaning, is it the repotag
> name(s), the LABEL name, or some other approach? I would say that is
> one upside of your approach.
> There are other ways to resolve the name that are a little more
> involved. If you want to know more, contact me off-list and we can
> discuss them.
> On Fri, 2017-01-13 at 15:24 +0530, Dharmit Shah wrote:
>> I recently worked on developing a scanner  that reports pip, npm,
>> updates for a container. But, to me, it looks like I'm missing
>> and doing it in an improper way from `atomic scan` side of things.
>> The command I execute to check, let's say, pip related updates is:
>> `IMAGE_NAME=<image_name> atomic scan --scanner misc-package-
>> updates --scan_type pip-updates <image_name>`
>> And the configuration file ensures that `IMAGE_NAME` variable I've
>> in above command is passed on to the scanner container as an
>> variable . It is then used to spin up a new container from the
>> to check for pip updates.
>> It is my understanding, and I'd like to know if it's correct, that
>> rootfs of image name specified with `atomic scan` command is mounted
>> onto the scanner container under `/scanin` directory and the scanner
>> output is expected under `/scanout` directory; but the image's name
>> not passed to the scanner container.
>> Is there a way to access the image's name inside a container without
>> doing it the way I've done using a variable?