Vuls Docker components
This is the Git repo of the official Docker image for vuls.
Supported tags and respective Dockerfile links
- go-cve-dictionary
- goval-dictionary
- vuls
- vulsrepo
This image version is same as the github repository version.
Caution
This image is built per commit. If you want to use the latest docker image, you should remove the existing image, and pull it once again.
- Confirm your vuls version
- go-cve-dictionary
$ docker run --rm vuls/go-cve-dictionary -v
go-cve-dictionary v0.0.xxx xxxx
- goval-dictionary
$ docker run --rm vuls/goval-dictionary -v
goval-dictionary v0.0.xxx xxxx
- vuls
$ docker run --rm vuls/vuls -v
vuls v0.0.xxx xxxx
- Remove your old docker images
- go-cve-dictionary
$ docker rmi vuls/go-cve-dictionary
- goval-dictionary
$ docker rmi vuls/goval-dictionary
- vuls
$ docker rmi vuls/vuls
- Pull new vuls docker images
- go-cve-dictionary
$ docker pull vuls/go-cve-dictionary
- goval-dictionary
$ docker pull vuls/goval-dictionary
- vuls
$ docker pull vuls/vuls
- Confirm your vuls version
$ docker run --rm vuls/go-cve-dictionary -v
go-cve-dictionary v0.1.xxx xxxx
$ docker run --rm vuls/goval-dictionary -v
goval-dictionary v0.1.xxx xxxx
- vuls
$ docker run --rm vuls/vuls -v
vuls v0.1.xxx xxxx
How to use this image
- fetch nvd (vuls/go-cve-dictionary)
- fetch oval (vuls/goval-dictionary)
- configuration (vuls/vuls)
- configtest (vuls/vuls)
- scan (vuls/vuls)
- vulsrepo (vuls/vulsrepo)
Step1. Fetch NVD
$ for i in `seq 2002 $(date +"%Y")`; do \
docker run --rm -it \
-v $PWD:/vuls \
-v $PWD/go-cve-dictionary-log:/var/log/vuls \
vuls/go-cve-dictionary fetchnvd -years $i; \
done
- To fetch JVN(Japanese), See README
Step2. Fetch OVAL (e.g. redhat)
$ docker run --rm -it \
-v $PWD:/vuls \
-v $PWD/goval-dictionary-log:/var/log/vuls \
vuls/goval-dictionary fetch-redhat 5 6 7
- To fetch other OVAL, See README
Step2. Configuration
Create config.toml referring to this.
[servers]
[servers.amazon]
host = "54.249.93.16"
port = "22"
user = "vuls-user"
keyPath = "/root/.ssh/id_rsa" # path to ssh private key in docker
Step3. Configtest
$ docker run --rm -it\
-v ~/.ssh:/root/.ssh:ro \
-v $PWD:/vuls \
-v $PWD/vuls-log:/var/log/vuls \
vuls/vuls configtest \
-config=./config.toml # path to config.toml in docker
Step4. Scan
$ docker run --rm -it \
-v ~/.ssh:/root/.ssh:ro \
-v $PWD:/vuls \
-v $PWD/vuls-log:/var/log/vuls \
-v /etc/localtime:/etc/localtime:ro \
-e "TZ=Asia/Tokyo" \
vuls/vuls scan \
-config=./config.toml # path to config.toml in docker
Step5. Report
$ docker run --rm -it \
-v ~/.ssh:/root/.ssh:ro \
-v $PWD:/vuls \
-v $PWD/vuls-log:/var/log/vuls \
-v /etc/localtime:/etc/localtime:ro \
vuls/vuls report \
-cvedb-path=/vuls/cve.sqlite3 \
-ovaldb-path=/vuls/oval.sqlite3 \
-format-short-text \
-config=./config.toml # path to config.toml in docker
Step6. vulsrepo
$docker run -dt \
-v $PWD:/vuls \
-p 5111:5111 \
vuls/vulsrepo
User Feedback
Documentation
Documentation for this image is stored in the docker/ directory of the future-architect/vuls GitHub repo.
Issues
If you have any problems with or questions about this image, please contact us through a GitHub issue.
Contributing
- fork a repository: github.com/future-architect/vuls to github.com/you/repo
- get original code: go get github.com/future-architect/vuls
- work on original code
- add remote to your repo: git remote add myfork https://github.com/you/repo.git
- push your changes: git push myfork
- create a new Pull Request