{ "info": { "author": "Vanessa Sochat", "author_email": "vsochat@stanford.edu", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: Science/Research", "License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)", "Operating System :: POSIX :: Linux", "Programming Language :: C", "Programming Language :: Python", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Topic :: Scientific/Engineering", "Topic :: Software Development :: Quality Assurance" ], "description": "# Singularity Container Tools\n\nThese are tools for Singularity containers, optimized for use with continuous integration for security\nand quality checks. For an example of the package being used in a continuous integration context, see the [stools-clair](https://github.com/singularityhub/stools-clair) repository.\n\n[![asciicast](https://asciinema.org/a/178712.png)](https://asciinema.org/a/178712)\n\nIn this work we will use [Clair OS](https://github.com/coreos/clair) combined with Continuous Integration\n(travis and circle) to scan [Singularity](https://singularityware.github.io) containers for security\nvulnerabilities. \n\n## Background\nClair is intended to run as a server to continuously scan Docker *layers* for vulnerabilities. This doesn't map\nwell to the research domain because of the following:\n\n - Docker containers come in layers (.tar.gz files) while Singularity images are single binary files that don't \"plug in\" nicely to Clair.\n - Most researchers can't support continuous running of such a service.\n\nOn the other hand, a typical researcher *does* use services like [TravisCI](https://travis-ci.org) and [CircleCI](https://circle-ci.org) to\nrun their code bases against tests. 
Since these services now offer running containers and other service-type things, we in fact could do the following:\n\n - Spin up a Clair server during testing\n - Build a Singularity image, and scan the filesystem contents (before it is finalized in the image).\n\nWhile this isn't a continually running service, we can minimally ensure that a container is scanned each time\nit is built (and then likely merged to be used in production). If the user takes advantage of [Singularity Hub](https://www.singularity-hub.org) or [Singularity Registry Server](https://singularityhub.github.io/sregistry) the image will be pushed or built for production after passing \nthese various tests.\n\nThis experiment is based on early discussion in [this thread](https://github.com/singularityhub/sregistry/issues/14).\n\n\n## Basic Usage\n\nIf you want, build the container (or use the one from Docker Hub):\n\n```bash\ndocker build -t vanessa/stools-clair .\n```\n\nStart the application with docker compose. Note that you should have the images you want to scan in the $PWD, which will be mapped to the container in `/code` (see the docker-compose.yml file). You can change this around, just be sure that the containers you want to add are here. I'll be updating this so the server inside can accept a post for an external container, but I need some sleep first :)\n\n```bash\ndocker-compose up -d\n```\n\nScan a local image in $PWD mapped to /code in the container. 
If you didn't clone the repo, make sure you get the [docker-compose.yml](https://github.com/singularityhub/stools/blob/master/docker-compose.yml) file first!\n\n```bash\nsingularity pull shub://vsoch/singularity-hello-world\ndocker exec -it clair-scanner sclair vsoch-singularity-hello-world-master-latest.simg\n```\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://www.github.com/singularityhub/stools", "keywords": "singularity container tools", "license": "LICENSE", "maintainer": "", "maintainer_email": "", "name": "stools", "package_url": "https://pypi.org/project/stools/", "platform": "", "project_url": "https://pypi.org/project/stools/", "project_urls": { "Homepage": "http://www.github.com/singularityhub/stools" }, "release_url": "https://pypi.org/project/stools/0.0.1/", "requires_dist": null, "requires_python": "", "summary": "Command line tools for container quality assurance", "version": "0.0.1" }, "last_serial": 3815517, "releases": { "0.0.0": [ { "comment_text": "", "digests": { "md5": "9ecd34e68bcdf52a562bffaa6558273a", "sha256": "ba0e05b1579efea35da9187a49c599e5838e1e11c396d12482cef15036befa7a" }, "downloads": -1, "filename": "stools-0.0.0.tar.gz", "has_sig": false, "md5_digest": "9ecd34e68bcdf52a562bffaa6558273a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3405, "upload_time": "2018-04-26T18:53:53", "url": "https://files.pythonhosted.org/packages/1c/47/fc409f73775ac00ab9c8e23f6a1e9a54a33505e0a6b49a6c6a36ab4a5ec0/stools-0.0.0.tar.gz" } ], "0.0.1": [ { "comment_text": "", "digests": { "md5": "1d49a651fd5af0a5401e148286cf255b", "sha256": "85aca6f2c1ebba324b937f5bab7486f9bea5af5864516b2b5d2d8a56dc8265c8" }, "downloads": -1, "filename": "stools-0.0.1.tar.gz", "has_sig": false, "md5_digest": "1d49a651fd5af0a5401e148286cf255b", "packagetype": "sdist", "python_version": "source", "requires_python": null, 
"size": 9287, "upload_time": "2018-04-27T22:23:49", "url": "https://files.pythonhosted.org/packages/2c/1c/d44e5717d0f8b417398c73d01ecc6aea4400a93af476d0cd5324c76d8a96/stools-0.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1d49a651fd5af0a5401e148286cf255b", "sha256": "85aca6f2c1ebba324b937f5bab7486f9bea5af5864516b2b5d2d8a56dc8265c8" }, "downloads": -1, "filename": "stools-0.0.1.tar.gz", "has_sig": false, "md5_digest": "1d49a651fd5af0a5401e148286cf255b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9287, "upload_time": "2018-04-27T22:23:49", "url": "https://files.pythonhosted.org/packages/2c/1c/d44e5717d0f8b417398c73d01ecc6aea4400a93af476d0cd5324c76d8a96/stools-0.0.1.tar.gz" } ] }