ConPan inspect Docker containers and extract their installed packages to analyze them.
ConPan analyzes packages technical lag, vulnerabilities and other type of bugs. The output is a four pandas dataframes that contain general information about the analyzed DockerHub image, information about installed packages, how outdated they are, their vulnerabilities and other kind of bugs.
ConPan workflow is very simple:
- Pulls the Docker image.
- Runs it and extract installed packages.
- Tracks installed packages from their package managers.
- Inspects their technical lag: checks if they are outdated and how much they are lagging behind the latest available versions.
- Identifies vulnerable packages.
- Identifies other kind of bugs for installed packages.
Python modules:
- pandas>=0.22.0
- requests>=2.18.2
- psycopg2-binary>=2.7.4
- matplotlib>=3.0.0
- tqdm>=>=4.36.0
Other:
- docker-ce (https://docs.docker.com/install/)
ConPan is developed and tested mainly on GNU/Linux platforms. Thus it is very likely it will work out of the box on any Linux-like (or Unix-like) platform, upon providing the right requirements and version of Python (3.5, 3.6).
To install, run:
$> git clone https://github.com/neglectos/ConPan
$> python3 setup.py install
Or simply:
$> pip3 install git+https://github.com/neglectos/ConPan
To uninstall, run:
$> pip3 uninstall conpan
ConPan can be used from command line or directly from Python, both usages are described below.
You will need permission to use the Docker tool first.
Launching ConPan from command line does not require much effort.
$ conpan -p <package_type> -c <image>
Example:
$ conpan -p debian -c 127labs/blog -d
Output:
Results:
General information about the Docker image: 127labs/blog
- pull_count: 12870
- star_count: 0
- description: 127Lab's blog powered by Ghost
- last_updated: 2017-04-29T16:34:03.485881Z
- full_size: 114209000
Results about installed packages in: 127labs/blog
# installed packages: 130
# tracked packages: 130
# vulnerabilities: 326
# bugs: 2047
ConPan can be embedded in your Python scripts. Again, the effort of using it is minimum.
#! /usr/bin/env python3
from conpan.conpan import ConPan
# With 2 parameters
image_community = '127labs/blog'
image_official = 'debian:buster-slim'
cp = ConPan(packages="debian", image=image_official)
# extracting all information
general_info, installed_packages, tracked_packages, vulnerabilities, bugs = cp.analyze()
Or
# Extracting some specific information
cp.general_info()
cp.installed_packages()
cp.tracked_packages()
cp.vulnerabilities()
cp.bugs()
A scientific publication reporting on the ConPan tool can be found here: https://doi.org/10.1109/MSR.2019.00089
You can cite the associated research paper using:
@inproceedings{zerouali2019conpan,
title={ConPan: a tool to analyze packages in software containers},
author={Zerouali, Ahmed and Cosentino, Valerio and Robles, Gregorio and Gonzalez-Barahona, Jesus M and Mens, Tom},
booktitle={2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR)},
pages={592--596},
year={2019},
organization={IEEE}
}
Or
A. Zerouali, V. Cosentino, G. Robles, J. M. Gonzalez-Barahona and T. Mens, "ConPan: A Tool to Analyze Packages in Software Containers", 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), 2019, pp. 592-596, doi: 10.1109/MSR.2019.00089