image-comparison

module

v0.0.0-...-8075232 Latest Latest Go to latest Published: Nov 23, 2024 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cliffcolvin/image-comparison

README ¶

helmscan

Docker Image and Helm Chart CVE comparison tool

This tool allows you to scan and compare Docker images or Helm charts and analyze their CVE (Common Vulnerabilities and Exposures) reports.

Usage

There are three main ways to use this tool:

Command-line arguments
Interactive menu system
Single artifact scanning

1. Command-line arguments

You can run the tool with command-line arguments to compare two artifacts:

./helmscan --compare [--report] [--json] <artifact1> <artifact2>

Flags:

--compare: Enable comparison mode
--report: Generate a Markdown report file (optional)
--json: Generate a JSON report file (optional)
<artifact1>: The URL of the "before" image or Helm chart reference
<artifact2>: The URL of the "after" image or Helm chart reference

Examples:

# Compare Docker images and generate both JSON and Markdown reports
./helmscan --compare --report --json docker.io/library/ubuntu:20.04 docker.io/library/ubuntu:22.04

# Compare Helm charts with only JSON output
./helmscan --compare --json myrepo/mychart@1.0.0 myrepo/mychart@2.0.0

To use the interactive menu system, simply run the executable without any arguments:

./helmscan

Follow the on-screen prompts to:

Scan a single image or Helm chart
Compare two images or Helm charts
Exit

3. Single artifact scanning

To scan a single artifact, provide its reference as an argument:

./helmscan <artifact_reference>

Example:

# Scan a Docker image
./helmscan docker.io/library/ubuntu:22.04

# Scan a Helm chart
./helmscan myrepo/mychart@1.0.0

Output

The tool will provide information about:

CVE severity levels and counts
Added CVEs: New vulnerabilities in the second artifact
Removed CVEs: Vulnerabilities that were present in the first artifact but addressed in the second
Unchanged CVEs: Vulnerabilities present in both artifacts

When using the --report flag, the output will be saved to the working-files directory.

Note

Make sure you have the necessary permissions to pull the Docker images or access the Helm charts you want to analyze
For Helm charts, use the format repo/chart@version
The tool requires Trivy to be installed and accessible in your PATH

Directories ¶

Path	Synopsis
cmd
app
internal
helmscan
imageScan
reports

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL