Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker Container and Image Provider #405

Closed
ghost opened this issue Jun 13, 2023 · 0 comments · Fixed by #462
Closed

Docker Container and Image Provider #405

ghost opened this issue Jun 13, 2023 · 0 comments · Fixed by #462
Assignees
@adamtagscherer @paralta
Labels
enhancement New feature or request
Milestone
v0.6.0

Comments

@ghost
Copy link

ghost commented Jun 13, 2023
edited by ghost
Loading

Problem Statement

It would be cool if we were able to create a docker provider (not just for testing) which can discovery running container assets and images, as well as snapshot the running containers them through docker save and scan both the snapshots and images.

Proposed Solution

A new provider like the other cloud providers, which talks to the docker daemon to get a list of running containers and container images. These are reported as assets to the control plane. When an asset is chosen to be scanned the provider will receive the asset, determine if it is a runtime container or an image, then follow this flow:

If the asset is a runtime container:

  • A snapshot will be taken through docker commit saving the containers file system to a new container image

Then:

  • A scanner container will be booted with the docker socket mounted, and then the container image (either the original or the runtime snapshot) is configured as the input to the VMClarity CLI as a local container image.

Alternatives Considered

None

Additional Context

This can also be used as a good candidate for e2e testing because it should not require anything more than a machine running docker.
@chrisgacsal chrisgacsal added this to the v0.6.0 milestone Jun 15, 2023
@chrisgacsal chrisgacsal self-assigned this Jun 20, 2023
@paralta paralta assigned paralta and unassigned chrisgacsal Jun 20, 2023
@adamtagscherer adamtagscherer linked a pull request Jul 12, 2023 that will close this issue
feat(docker): create docker provider #462
Merged
7 tasks
@ghost ghost added the enhancement New feature or request label Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adamtagscherer adamtagscherer

@paralta paralta

Labels
enhancement New feature or request
Projects
OpenClarity
Status: Done
VMClarity Roadmap
Status: Done
Milestone
v0.6.0
Development

Successfully merging a pull request may close this issue.

feat(docker): create docker provider openclarity/vmclarity
3 participants
@chrisgacsal @adamtagscherer @paralta