Giter VIP home page Giter VIP logo

grype-offline-db's Introduction

Using Grype in offline environments

Using this project, you can use Grype in offline and airgapped environments.

Usually you need to host your own Grype database in such environments. This simple app simplifies this process, providing a way to host your Grype database in your Kubernetes environment.

Prerequisites

Here are some prerequisites to use this app:

  • imgpkg: for copying images to your private registry
  • kapp-controller: for deploying the app from your private registry and dealing with image relocation
  • secretgen-controller: for providing registry credentials
  • Knative: for managing the app deployment

How to use it?

Copy this app to your private registry:

imgpkg copy --bundle ghcr.io/alexandreroman/grype-offline-db-bundle --to-repo myreg.corp.com/grype-offline/grype-offline-db-bundle

This bundle contains container images and Kubernetes deployment files you need to run this app.

Download the app deployment file to your workstation, and edit this file accordingly by using your private registry:

- imgpkgBundle:
    image: myreg.corp.com/grype-offline/grype-offline-db-bundle:latest

Create a Kubernetes Secret holding your registry credentials:

kubectl create secret docker-registry grype-offline-regcreds --docker-server=myreg.corp.com --docker-username=johndoe --docker-password=changeme

You are now ready to deploy the app:

kubectl apply -f app.yaml

The app will be deployed to the namespace grype-offline.

Use this command to get access to the Grype database URL:

kubectl -n grype-offline get ksvc db
NAME   URL                                           LATESTCREATED   LATESTREADY   READY   REASON
db     http://db.grype-offline.kn.127.0.0.1.nip.io   db-00001        db-00001      True

Using this URL, you can now configure Grype to use this offline database (don't forget to add the suffix /listing.json):

GRYPE_DB_UPDATE_URL=http://db.grype-offline.kn.127.0.0.1.nip.io/listing.json grype db list
Built:    2023-05-22 13:35:24.568 +0000 UTC
URL:      http://db.grype-offline.kn.127.0.0.1.nip.io/grype-db.tar.gz
Checksum: sha256:19e63537c4605aeab03db75b35b8745a76c2486f9747aa35b6da1952724198b3

1 databases available for schema 5

Hope it helps!

Contribute

Contributions are always welcome!

Feel free to open issues & send PR.

License

Copyright © 2023 VMware, Inc. or its affiliates.

This project is licensed under the Apache Software License version 2.0.

grype-offline-db's People

Contributors

alexandreroman avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.