In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
How to use OCI image and container security analysis tool Terrier, for this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.
Terrier is a security analysis tool for OCI images and containers. Terrier can help researchers scan OCI images and container files and identify and verify the existence of specific files based on hashes.
Tool installation source code:
For the source code installation steps, please refer to the Releases page of the project.
Install via Go: $go get github.com/heroku/terrier source build via Go:$ go build
Or
The $make all tool uses $. / terrier-hUsage of. / terrier:-cfg stringLoad config from provided yaml file (default "cfg.yml")
The tool uses the OCI TAR that must be scanned, and this value needs to be provided to Terrier through the cfg.yml file.
The following Docker command can be used to convert a Docker image into a TAR file and provide it to Terrier scanning:
# docker save imageid-o image.tar$. / terrier [+] Loading config: cfg.yml [+] Analysing Image [+] Docker Image Source: image.tar [*] Inspecting Layer: 05c3c2c60920f68***6d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f [!] All components were identified and verified: (493amp 493) sample YML configuration
Terrier parses the YAML file, and the following is a sample configuration file:
# THIS IS AN EXAMPLE CONFIG, MODIFY TO YOUR NEEDS* reference source: compiled by heroku,FB editor Alpha_h5ck, reproduced, please note that the answer to the question from FreeBuf.COM on how to use Terrier, a security analysis tool for OCI images and containers, is here. I hope the above content can be of some help to everyone. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.