index cli plugin

Note: This repository is not an officially supported Docker project.

Docker CLI tool to create image SBOMs as well as analyze packages for known vulnerabilities using the Atomist data plane.

You can install manually by following these steps:

• Download the binary from the release page
• Unzip the archive

To create an SBOM for a local or remote image, run the following command:

$ docker-index sbom --image <IMAGE> 

• --image can either be a local image id or fully qualified image name from a remote registry
• --oci-dir can point to a local image in OCI directory format
• --output
  allows to store the generated SBOM in a local file
• --include-cves will include all detected CVEs in generated output

To detect base images for local or remote images, use the following command:

$ docker-index cve --image <IMAGE> CVE_ID 

• --image can either be a local image id or fully qualified image name from a remote registry
• --oci-dir can point to a local image in OCI directory format
• --remediate include suggested remediation in the output
• CVE_ID can be any known CVE id