Definitely not to the docker socket.  This would be a huge security
issue and would hard code us to docker containers.

I would prefer to drop a JSON file into the directory with content
describing the container.

On 01/13/2017 09:53 AM, Brent Baude wrote:
> Dharmit,
> I believe the intended image is mounted by its UUID.  One idea would be
> to share the docker socket with you scan container and then do a quick
> translation of the UUID to image name using the docker-py API.
> One issue with this approach is you get yourself in a bind (in some
> cases) with determining the image name.  Meaning, is it the repotag
> name(s), the LABEL name, or some other approach?  I would say that is
> one upside of your approach.
> There are other ways to resolve the name that are a little more
> involved.  If you want to know more, contact me off-list and we can
> discuss them.
> Brent
> On Fri, 2017-01-13 at 15:24 +0530, Dharmit Shah wrote:
>> Hi!
>> I recently worked on developing a scanner [1] that reports pip, npm,
>> gem
>> updates for a container. But, to me, it looks like I'm missing
>> something
>> and doing it in an improper way from `atomic scan` side of things.
>> The command I execute to check, let's say, pip related updates is:
>>     `IMAGE_NAME=<image_name> atomic scan --scanner misc-package-
>> updates --scan_type pip-updates <image_name>`
>> And the configuration file ensures that `IMAGE_NAME` variable I've
>> set
>> in above command is passed on to the scanner container as an
>> envrionment
>> variable [2]. It is then used to spin up a new container from the
>> image
>> to check for pip updates.
>> It is my understanding, and I'd like to know if it's correct, that
>> the
>> rootfs of image name specified with `atomic scan` command is mounted
>> onto the scanner container under `/scanin` directory and the scanner
>> output is expected under `/scanout` directory; but the image's name
>> is
>> not passed to the scanner container.
>> Is there a way to access the image's name inside a container without
>> doing it the way I've done using a variable?
>> [1]
>> ic_scanners/misc-package-updates
>> [2]
>> ic_scanners/misc-package-updates/misc-package-updates#L5
>> Regards,
>> Dharmit.

Reply via email to