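I used to search Docker Hub every time I had to decide which container image to use in a Dockerfile, but dockertags, a tool that lets you check this from the command line (CLI), is so convenient that I want to introduce it here.
■What's dockertags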
https://github.com/goodwithtech/dockertags
I released dockertags, a tool for simply checking container image information, and wrote an article about it. https://t.co/6qYGRVQau1 https://t.co/ent49VbQBw
— Tomoya AMACHI (@tomoyamachi) December 26, 2019
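The author is @tomoyamachi! Here is a summary of what it can do.
- Search from the CLI for which OS and version images are available
- Supports various private registries
- In CI, identify the tag of the latest built image and run processing against that image
- Schedule checks against an image and run vulnerability checks together with Trivy
Let's actually use it!!!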
■Install/help
- Mac
```
$ brew install goodwithtech/r/dockertags
```
- Docker
```
$ docker run --rm goodwithtech/dockertags [IMAGENAME]
```
- help
```
$ dockertags -h
NAME:
  dockertags - fetch docker image tags
USAGE:
  dockertags [options] image_name
VERSION:
  0.1.1
OPTIONS:
  --limit value, -l value        set max tags count. if exist no tag image will be short numbers. limit=0 means fetch all tags (default: 0)
  --contain value, -c value      contains target string. multiple string allows.
  --format value, -f value       target format table or json, default table (default: "table")
  --output value, -o value       output file name, default output to stdout
  --authurl value, --auth value  Url when fetch authentication
  --timeout value, -t value      e.g)5s, 1m (default: 10s)
  --username value, -u value     Username
  --password value, -p value     Using -password via CLI is insecure. Be careful.
  --debug, -d                    Show debug logs
  --help, -h                     show help
  --version, -v                  print the version
```
■Quick Start
- dockertags
```
$ dockertags alpine
+--------------------------------+------+----------------------+-------------+
|              TAG               | SIZE |      CREATED AT      | UPLOADED AT |
+--------------------------------+------+----------------------+-------------+
| 3                              | 2.7M | 2019-12-24T20:40:57Z | NULL        |
| 3.11                           |      |                      |             |
| latest                         |      |                      |             |
| 3.11.2                         |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| edge                           | 2.7M | 2019-12-20T00:41:30Z | NULL        |
| 20191219                       |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 3.11.0                         | 2.7M | 2019-12-20T00:41:21Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 20191114                       | 2.7M | 2019-11-14T22:41:11Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.10                           | 2.7M | 2019-10-21T18:41:18Z | NULL        |
| 3.10.3                         |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 20190925                       | 2.7M | 2019-09-25T22:40:50Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.10.2                         | 2.7M | 2019-08-20T21:40:57Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.8                            | 2.1M | 2019-08-20T06:41:01Z | NULL        |
| 3.8.4                          |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 20190809                       | 2.7M | 2019-08-09T21:41:13Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.10.1                         | 2.7M | 2019-07-11T22:41:17Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 20190707                       | 2.7M | 2019-07-08T23:41:07Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.9                            | 2.6M | 2019-06-19T21:41:56Z | NULL        |
| 3.9.4                          |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 3.7                            | 2M   | 2019-06-19T21:41:30Z | NULL        |
| 3.7.3                          |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 3.10.0                         | 2.7M | 2019-06-19T21:41:15Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 20190508                       | 2.7M | 2019-06-19T21:40:35Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.6                            | 1.9M | 2019-05-11T00:33:35Z | NULL        |
| 3.6.5                          |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 3.9.3                          | 2.6M | 2019-04-10T12:40:57Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 20190408                       | 2.7M | 2019-04-10T12:40:33Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.9.2                          | 2.6M | 2019-03-08T03:40:59Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 20190228                       | 2.7M | 2019-03-08T03:40:34Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.5                            | 1.9M | 2019-01-30T22:42:21Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.4                            | 2.3M | 2019-01-30T22:42:16Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.3                            | 2.3M | 2019-01-30T22:42:11Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.2                            | 2.5M | 2019-01-30T22:42:06Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.1                            | 2.2M | 2019-01-30T22:42:01Z | NULL        |
+--------------------------------+------+----------------------+-------------+
```
First, as a quick test, I fetched the versions of the alpine image. Next, if you want only the latest 10 entries, specify -l 10 as shown below.
```
$ dockertags -l 10 alpine
+--------------------------------+------+----------------------+-------------+
|              TAG               | SIZE |      CREATED AT      | UPLOADED AT |
+--------------------------------+------+----------------------+-------------+
| 3                              | 2.7M | 2019-12-24T20:40:57Z | NULL        |
| 3.11                           |      |                      |             |
| latest                         |      |                      |             |
| 3.11.2                         |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| edge                           | 2.7M | 2019-12-20T00:41:30Z | NULL        |
| 20191219                       |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 3.11.0                         | 2.7M | 2019-12-20T00:41:21Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 20191114                       | 2.7M | 2019-11-14T22:41:11Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.10                           | 2.7M | 2019-10-21T18:41:18Z | NULL        |
| 3.10.3                         |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 20190925                       | 2.7M | 2019-09-25T22:40:50Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.10.2                         | 2.7M | 2019-08-20T21:40:57Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.8                            | 2.1M | 2019-08-20T06:41:01Z | NULL        |
| 3.8.4                          |      |                      |             |
+--------------------------------+------+----------------------+-------------+
| 20190809                       | 2.7M | 2019-08-09T21:41:13Z | NULL        |
+--------------------------------+------+----------------------+-------------+
| 3.10.1                         | 2.7M | 2019-07-11T22:41:17Z | NULL        |
+--------------------------------+------+----------------------+-------------+
```
Next, let's fetch only the images whose tags contain specified strings. As an example, I used the wordpress image.
- php7.4
```
$ dockertags -l 10 -c 7.4 -c php wordpress
+--------------------------------+--------+----------------------+-------------+
|              TAG               |  SIZE  |      CREATED AT      | UPLOADED AT |
+--------------------------------+--------+----------------------+-------------+
| php7.4-fpm                     | 173M   | 2019-12-29T11:17:45Z | NULL        |
| 5-php7.4-fpm                   |        |                      |             |
| 5.3-php7.4-fpm                 |        |                      |             |
| 5.3.2-php7.4-fpm               |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| php7.4                         | 176.7M | 2019-12-29T11:17:41Z | NULL        |
| 5-php7.4                       |        |                      |             |
| 5.3-php7.4                     |        |                      |             |
| 5.3.2-php7.4                   |        |                      |             |
| php7.4-apache                  |        |                      |             |
| 5-php7.4-apache                |        |                      |             |
| 5.3-php7.4-apache              |        |                      |             |
| 5.3.2-php7.4-apache            |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| php7.4-fpm-alpine              | 64.6M  | 2019-12-27T05:16:41Z | NULL        |
| 5-php7.4-fpm-alpine            |        |                      |             |
| 5.3-php7.4-fpm-alpine          |        |                      |             |
| 5.3.2-php7.4-fpm-alpine        |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| cli-php7.4                     | 45.7M  | 2019-12-27T05:16:15Z | NULL        |
| cli-2-php7.4                   |        |                      |             |
| cli-2.4-php7.4                 |        |                      |             |
| cli-2.4.0-php7.4               |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| 5.3.1-php7.4-fpm-alpine        | 62.9M  | 2019-12-19T08:27:09Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.3.1-php7.4-fpm               | 173M   | 2019-12-19T08:27:05Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.3.1-php7.4                   | 176.7M | 2019-12-19T08:26:59Z | NULL        |
| 5.3.1-php7.4-apache            |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| 5.3.0-php7.4-fpm-alpine        | 62.9M  | 2019-12-06T08:19:25Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.3.0-php7.4-fpm               | 173M   | 2019-12-06T08:19:21Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.3.0-php7.4                   | 176.7M | 2019-12-06T08:19:17Z | NULL        |
| 5.3.0-php7.4-apache            |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
```
- php5.6
```
$ dockertags -l 10 -c 5.6 -c php wordpress
+--------------------------------+--------+----------------------+-------------+
|              TAG               |  SIZE  |      CREATED AT      | UPLOADED AT |
+--------------------------------+--------+----------------------+-------------+
| php5.6-fpm                     | 130.8M | 2019-01-04T11:48:14Z | NULL        |
| 5-php5.6-fpm                   |        |                      |             |
| 5.0-php5.6-fpm                 |        |                      |             |
| 5.0.2-php5.6-fpm               |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| php5.6                         | 134.4M | 2019-01-04T11:46:46Z | NULL        |
| 5-php5.6                       |        |                      |             |
| 5.0-php5.6                     |        |                      |             |
| 5.0.2-php5.6                   |        |                      |             |
| php5.6-apache                  |        |                      |             |
| 5-php5.6-apache                |        |                      |             |
| 5.0-php5.6-apache              |        |                      |             |
| 5.0.2-php5.6-apache            |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| php5.6-fpm-alpine              | 37.6M  | 2019-01-02T09:44:40Z | NULL        |
| 5-php5.6-fpm-alpine            |        |                      |             |
| 5.0-php5.6-fpm-alpine          |        |                      |             |
| 5.0.2-php5.6-fpm-alpine        |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| cli-php5.6                     | 36.8M  | 2018-12-21T19:04:12Z | NULL        |
| cli-2-php5.6                   |        |                      |             |
| cli-2.1-php5.6                 |        |                      |             |
| cli-2.1.0-php5.6               |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| 5.0.1-php5.6-fpm-alpine        | 37.8M  | 2018-12-20T01:27:55Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.0.1-php5.6-fpm               | 130.7M | 2018-12-20T01:26:46Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.0.1-php5.6                   | 134.4M | 2018-12-20T01:25:21Z | NULL        |
| 5.0.1-php5.6-apache            |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| cli-2.0-php5.6                 | 37M    | 2018-12-11T21:04:28Z | NULL        |
| cli-2.0.1-php5.6               |        |                      |             |
+--------------------------------+--------+----------------------+-------------+
| 5.0.0-php5.6-fpm-alpine        | 37.8M  | 2018-12-11T20:50:14Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
| 5.0.0-php5.6-fpm               | 130.7M | 2018-12-11T20:49:03Z | NULL        |
+--------------------------------+--------+----------------------+-------------+
```
- JSON
Just specify -f json to get the output as JSON as well.
```
$ dockertags -l 2 -c 7.4 -c php -f json wordpress
[
  {
    "tags": [
      "php7.4-fpm",
      "5.3-php7.4-fpm",
      "5.3.2-php7.4-fpm",
      "5-php7.4-fpm"
    ],
    "byte": 181437356,
    "created_at": "2019-12-29T11:17:45.387365Z",
    "uploaded_at": "0001-01-01T00:00:00Z"
  },
  {
    "tags": [
      "php7.4-apache",
      "php7.4",
      "5.3-php7.4-apache",
      "5.3-php7.4",
      "5.3.2-php7.4-apache",
      "5.3.2-php7.4",
      "5-php7.4-apache",
      "5-php7.4"
    ],
    "byte": 185294410,
    "created_at": "2019-12-29T11:17:41.549718Z",
    "uploaded_at": "0001-01-01T00:00:00Z"
  }
]
```
- Private Registry (Docker Hub, Amazon ECR, GCR)
Of course, tags can also be fetched from private registries such as ECR and GCR.
```
$ export AWS_PROFILE=XXXXX
$ dockertags xxxxxxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/adachin-vuls
+------------------------------------------+-------+------------+----------------------+
|                   TAG                    | SIZE  | CREATED AT |     UPLOADED AT      |
+------------------------------------------+-------+------------+----------------------+
| e3a27f568d767c262deb1e22214024095a91a28a | 61.3M | NULL       | 2019-11-20T11:41:02Z |
| 2f0690dddc12c47ca5f407bfa7f24ef4bfda49be | 61.3M | NULL       | 2019-09-17T06:22:24Z |
| ab192f7826efe21362775a04265bebc22715bba5 | 61.2M | NULL       | 2019-08-19T05:45:58Z |
| e5e5f67dc5aa6bf317dc84a48805fe0c70e4d789 | 61.2M | NULL       | 2019-06-24T14:43:55Z |
| 30b5f664ba75d4ee35ceee28c3ed6f975483be43 | 61.2M | NULL       | 2019-06-11T17:02:40Z |
| e7554a8d3247502d41ef96e1d866dac578249c55 | 61.2M | NULL       | 2019-05-10T14:41:37Z |
| 00a5e3db0d0880f06e7921aee0b4cd97f77c2d9b | 60.5M | NULL       | 2019-04-02T11:58:13Z |
| 756465066665054022fa9ad59ad3e7a6173fb683 | 60.5M | NULL       | 2019-04-02T07:42:46Z |
| 0677d9d210a37efd3677ca175b8326f5d67182a2 | 60.5M | NULL       | 2019-03-22T17:09:01Z |
+------------------------------------------+-------+------------+----------------------+
```
■Trivy/dockertags
You can also run a Trivy vulnerability scan against the latest version of a specified image. (If you are not familiar with Trivy, see ↓)
```
$ export IMAGENAME=<imagename>
$ trivy "$IMAGENAME:$(dockertags -limit 1 -format json "$IMAGENAME" | jq -r '.[0].tags[0]')"
==================================
Total: 4 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 1, CRITICAL: 0)
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| musl    | CVE-2019-14697   | HIGH     | 1.1.20-r4         | 1.1.20-r5     | musl libc through 1.1.23       |
|         |                  |          |                   |               | has an x87 floating-point      |
|         |                  |          |                   |               | stack adjustment imbalance,    |
|         |                  |          |                   |               | related...                     |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2019-1549    | MEDIUM   | 1.1.1b-r1         | 1.1.1d-r0     | openssl: information           |
|         |                  |          |                   |               | disclosure in fork()           |
+         +------------------+          +                   +               +--------------------------------+
|         | CVE-2019-1563    |          |                   |               | openssl: information           |
|         |                  |          |                   |               | disclosure in PKCS7_dataDecode |
|         |                  |          |                   |               | and CMS_decrypt_set1_pkey      |
+         +------------------+----------+                   +               +--------------------------------+
|         | CVE-2019-1547    | LOW      |                   |               | openssl: side-channel weak     |
|         |                  |          |                   |               | encryption vulnerability       |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
```
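An added example (not from the original post or from the dockertags project): the one-liner above scans `.[0].tags[0]`, which in the JSON output shown earlier is the floating alias `php7.4-fpm`. The Python below reads the same `-f json` output, picks the newest tag group and its most specific alias so that a scan result maps to one fixed release. The function names and the specificity heuristic are assumptions, and a year-0001 timestamp (printed as NULL in the table view) is treated as missing.

```python
import json
import re
import sys
from datetime import datetime

# Sample input: the two groups printed by
# `dockertags -l 2 -c 7.4 -c php -f json wordpress` earlier on this page.
SAMPLE = json.loads("""
[
  {"tags": ["php7.4-fpm", "5.3-php7.4-fpm", "5.3.2-php7.4-fpm", "5-php7.4-fpm"],
   "byte": 181437356,
   "created_at": "2019-12-29T11:17:45.387365Z",
   "uploaded_at": "0001-01-01T00:00:00Z"},
  {"tags": ["php7.4-apache", "php7.4", "5.3-php7.4-apache", "5.3-php7.4",
            "5.3.2-php7.4-apache", "5.3.2-php7.4", "5-php7.4-apache", "5-php7.4"],
   "byte": 185294410,
   "created_at": "2019-12-29T11:17:41.549718Z",
   "uploaded_at": "0001-01-01T00:00:00Z"}
]
""")


def parse_ts(value):
    """Parse a timestamp; return None for a missing or year-0001 value."""
    if not value:
        return None
    # Drop fractional seconds and map "Z" to an offset older Pythons accept.
    text = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    ts = datetime.fromisoformat(text)
    return None if ts.year == 1 else ts


def group_time(group):
    """Creation time if the registry reports one, otherwise upload time
    (assumption: registries that show CREATED AT as NULL send the zero value)."""
    return parse_ts(group.get("created_at")) or parse_ts(group.get("uploaded_at"))


def newest_group(groups):
    """Return the tag group with the latest usable timestamp."""
    dated = [g for g in groups if g.get("tags") and group_time(g)]
    if not dated:
        raise ValueError("no tag group with a usable timestamp")
    return max(dated, key=group_time)


def most_specific_tag(tags):
    """Heuristic (assumption): the alias with the most numeric components is
    the least likely to be re-pointed, e.g. 5.3.2-php7.4-fpm over php7.4-fpm."""
    return max(tags, key=lambda t: (len(re.findall(r"\d+", t)), len(t), t))


def scan_reference(image, groups):
    """Build the image:tag reference to hand to the scanner."""
    return f"{image}:{most_specific_tag(newest_group(groups)['tags'])}"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # dockertags -f json IMAGE | python pick_tag.py IMAGE
        print(scan_reference(sys.argv[1], json.load(sys.stdin)))
    else:
        print(scan_reference("wordpress", SAMPLE))
```

Even a fully qualified tag can be re-pushed, so where the scan result has to stay tied to exact image contents, record the image digest alongside the tag.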
■Summary
This turned out to be quite handy! It's nice that it can be built into CI and combined with Trivy. Incidentally, I hear it is also implemented in FutureVuls!!


 
													 
													 
													