Container Image Analyser (CIA) is a lightweight CLI tool designed to help DevOps engineers and developers analyse Docker container images for vulnerabilities and potential issues. It simplifies the process of ensuring the security and quality of containerized applications.
- Vulnerability Scanning: CIA scans Docker container images for known vulnerabilities and rates their severity.
- Detailed Reports: Generate detailed reports about the vulnerabilities found, including their CVE IDs, severity levels, and package information.
- Remediation Suggestions: Get recommendations for remediation, such as updating specific packages or using alternative base images.
- User-Friendly CLI: An easy-to-use command-line interface that supports a variety of options for scanning and reporting.
```
~$ cia
NAME:
   cia - CIA is your go-to CLI tool for analyzing container images. It can pull images, scan for vulnerabilities, and output reports in multiple formats.

USAGE:
   cia [global options] command [command options] [arguments...]

COMMANDS:
   scan     Scans the given container image
   report   Generate a report of the last scan
   version  Show the version of CIA tool
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --format value  Report format (json, xml) (default: "json")
   --skip-pull     Skip pulling image before scanning
   --help, -h      show help
```
You can install CIA via `go get`, or by downloading the binary release for your platform from the Releases page.

```
go get github.com/moabukar/cia
```
```
.
├── CHANGELOG.md
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── cmd
│   └── cia
│       ├── cia
│       └── main.go
├── data
├── go.mod
├── go.sum
├── internal
│   ├── cli
│   │   └── main.go
│   ├── cmd
│   │   └── main.go
│   ├── report
│   │   └── report.go
│   └── scanner
│       └── scanner.go
└── tests
```