imagelinter

command module

v0.0.0-...-2b20edc Latest Latest Go to latest Published: Apr 29, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vmware-tanzu/community-edition

Links

Open Source Insights

README ¶

Imagelinter

Imagelinter is used to verify and validate docker images.Docker images can be from dockerfiles or yaml | yml files.

The problem

In order to adhere to open source compliance, some repos should not contain Alpine based images in any Docker or Image files. Hence, we make sure that all docker images (from Dockerfiles or from yaml|yml files) should not be Alpine-based images.

Solution

There is no straight command or a way to identify Linux OS from Docker perspective. After a deep analysis, we have found a few solutions that can apparently identify Linux OS of a given image.The below are steps that are executed when the linter is run.

Read Image metadata from the registry/Image libraries
Pull image and analyze Image meta-data (History)
Create a container and read /etc/os-release file
Copy etc/os-release to the local path and then analyze
Copy /usr/lib/os-release to the local path and then analyze
Check if there is any License file inside the container
Copy a simple binary to the container
Nothing determines the OS then reject the image

Configuration

imagelinter supports few configurations.The below is the default configuration file.

---
includeExts:
- ".yaml"
- ".yml"
includeLines:
- 'image:'
- FROM
matchPattern:
- "packages/*/*/bundle/.imgpkg/*"
ignoreImages:
- "index.docker.io/grafana/grafana@sha256:4e5835bcfd55cf72563a06932f10c75d9d92a0e1334a4c83eaa9c5b897370b25"
- "index.docker.io/rancher/local-path-provisioner@sha256:9666b1635fec95d4e2251661e135c90678b8f45fd0f8324c55db99c80e2a958c"
- "k8s.gcr.io/external-dns/external-dns@sha256:e49f63e07498ce8484c9e9050c1dfbc2584f4c9c262433d80387e855725e6bce"
- "index.docker.io/kiwigrid/k8s-sidecar@sha256:444be8cef8b25b4aaddea692ae09e3883d9064c0d31b43c4ba388a83c920552f"
- "index.docker.io/minio/minio@sha256:e7e9a563f52bf95f614e8017c2da9bd5d9f2f1ae0dc1127767fa341b3ae22088"
- "gcr.io/cadvisor/cadvisor@sha256:10638ceca79c01f4045f4a645242e763fe62eeb71d859ff93b09b0854a0d2220"
succesValidators:
- apt-get
- apt
- yum
- "/lib/x86_64-linux-gnu"
- "/usr/lib/x86_64-linux-gnu"
- "imgpkg"
failureValidators:
- Alpine

How to run imagelinter

-To manually run imagelinter, user must download(clone) the source code.

Navigate to the root directory and run the following make command make imagelint or
cd hack/imagelinter && go run main.go --path <any valid path or it takes only current working directory> -- config <provide config path or default path will be taken> --summary=true --details=fail

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
pkg
imagewrapper
lint

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL