UNPKG

container-image-scanner

Version:

Enterprise Container Image Scanner with AWS Security Best Practices. Scan EKS clusters for Bitnami container image dependencies and generate migration guidance for AWS ECR alternatives.

github.com/sanjeevrg89/container-image-scanner

sanjeevrg89/container-image-scanner

131 lines (108 loc) โ€ข 5.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# Changelog All notable changes to the Container Image Scanner will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [2.2.0] - 2025-08-16 ### Added - **๐Ÿ” Comprehensive Powerpipe Integration** - PowerpipeIntegration service for workspace and database management - Advanced query system with SQL-like filtering and interactive mode - New CLI commands: `cis powerpipe`, enhanced `cis query`, `cis explore` - Pre-built dashboards: Container Overview, Security Analysis, Migration Planning - 25+ pre-built queries for common analysis patterns - Support for multiple export formats: CSV, JSON, SQL, HTML - Interactive visualizations with charts, tables, and flow diagrams - Real-time analytics with filtering and search capabilities - **๐ŸŽฏ Enhanced CLI Commands** - `cis powerpipe`: Interactive dashboards and analytics - `cis query`: Advanced querying with filtering, search, and interactive mode - `cis explore`: Data exploration with cluster/namespace filtering - Auto-installation of Powerpipe if not present - Comprehensive error handling and fallback mechanisms - **๐Ÿ“Š Analytics & Visualization** - Interactive web-based dashboards accessible via browser - Real-time data filtering and exploration - Enterprise-ready workspace management - CI/CD integration support with automated reporting - Performance optimizations for large datasets ### Changed - Enhanced scanner.ts with improved type definitions - Updated CLI interface to support new Powerpipe commands - Improved error handling and user experience - Maintained backward compatibility with existing functionality ## [2.1.0] - 2025-08-11 ### Added - **๐Ÿงช Comprehensive End-to-End Testing Framework** - Complete E2E testing suite with real AWS infrastructure - Test EKS cluster creation across multiple regions (us-east-1, us-west-2) - 15+ Bitnami workloads with realistic risk profiles for testing - Support for all Kubernetes workload types (Deployments, StatefulSets, DaemonSets, Jobs, CronJobs) - Multi-account and organization-wide testing capabilities - Performance benchmarks and error handling validation - Automated cleanup and cost optimization (~$2-5 per test run) - **๐Ÿ“‹ Testing Scripts** - `test-setup/local-test.sh` - Prerequisites validation and build testing - `test-setup/create-test-clusters.sh` - EKS cluster creation with eksctl - `test-setup/deploy-test-workloads.sh` - Bitnami workload deployment - `test-setup/run-e2e-tests.sh` - Comprehensive test suite with metrics - `test-setup/setup-multi-account-testing.sh` - Cross-account and organization testing - `test-setup/cleanup-test-environment.sh` - Complete resource cleanup - **๐Ÿ“š Documentation** - `TESTING.md` - Comprehensive testing guide with examples - `CONTRIBUTING.md` - Development guidelines and commit standards - `test-setup/README.md` - Detailed testing framework documentation - **๐Ÿ”„ CI/CD Integration** - GitHub Actions workflow for automated testing - Manual workflow dispatch for full AWS E2E testing - Security scanning and dependency audits - Automatic artifact upload and resource cleanup - **๐Ÿ› Issue Templates** - GitHub issue template for testing-related bug reports - Structured troubleshooting guidance ### Enhanced - **๐Ÿ“Š Risk Assessment Testing** - Validates Critical/High/Medium/Low risk categorization - Tests latest tag detection in production namespaces - Verifies infrastructure component identification - **๐Ÿ’ฐ Cost Analysis Validation** - Tests accurate $72K Broadcom cost calculations - Validates AWS ECR migration cost estimates - Confirms 79% savings percentage calculations - **๐Ÿข Enterprise Features Testing** - Multi-account scanning with role assumption - Organization-wide scanning capabilities - Cross-region deployment validation ### Technical Details - **Test Coverage**: 15+ images across 4 risk levels - **Infrastructure**: 2 EKS clusters, 4 t3.medium nodes - **Duration**: 45-60 minutes for complete test suite - **Cost**: ~$2-5 per full test run - **Cleanup**: Automated resource removal ### Breaking Changes - None - Fully backward compatible ### Migration Guide - No migration required - New testing framework is optional but recommended - Existing CLI commands and APIs unchanged ## [1.0.0] - 2025-08-05 ### Added - Initial release of Container Image Scanner - EKS cluster scanning for Bitnami dependencies - Risk level assessment (Critical/High/Medium/Low) - Multi-account and organization-wide scanning - Cost analysis with $72K annual savings calculations - AWS ECR migration recommendations - CLI interface with multiple commands - Web UI for interactive scanning - JSON and CSV output formats - Cross-account role assumption support - Comprehensive Bitnami image catalog (280+ images) - Real-time progress indicators - Error handling and troubleshooting guidance ### Features - **Core Scanning**: Detect Bitnami images across EKS clusters - **Risk Assessment**: Intelligent categorization based on tags and usage - **Cost Analysis**: Calculate financial impact of Broadcom licensing - **Migration Planning**: Generate ECR alternatives and scripts - **Multi-Account**: Support for AWS Organizations and cross-account scanning - **Enterprise Ready**: Professional documentation and error handling