Install Sysdig CLI Scanner

The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to manually scan container images and directories, whether they are located locally or remotely. Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode for scanning directories

Deployment

The sysdig-cli-scanner is a binary you can download and execute locally on your computer or environment.

  1. Download latest version of sysdig-cli-scanner with:
  • Linux:

    Intel Processor (AMD64)

    curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
    

    ARM Processor (ARM64)

    curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner"
    
  • MacOS:

    Intel Processor (AMD64)

    curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/amd64/sysdig-cli-scanner"
    

    Apple Silicon (M1, M2) Processor (ARM64)

    curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/arm64/sysdig-cli-scanner"
    

Optionally, you can check the sha256sum as:

  • Linux:

    Intel Processor (AMD64)

    sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner.sha256")
    

    ARM Processor (ARM64)

    sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner.sha256")
    
  • MacOS:

    Intel Processor (AMD64)

    shasum -a 256 -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/amd64/sysdig-cli-scanner.sha256")
    

    Apple Silicon (M1, M2) Processor (ARM64)

    shasum -a 256 -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/arm64/sysdig-cli-scanner.sha256")
    
  1. Set the executable flag on the file:

    chmod +x ./sysdig-cli-scanner
    

    You only need to download and set executable once. Then:

  2. You can scan images or IaC resources by running the sysdig-cli-scanner command:

    For VM mode:

    SECURE_API_TOKEN=<your-api-token> ./sysdig-cli-scanner --apiurl <sysdig-api-url> <image-name>
    

    For IaC mode:

    SECURE_API_TOKEN=<your-api-token> ./sysdig-cli-scanner --iac --apiurl <sysdig-api-url> <PathsToScan>
    

Next Steps

Continue with one of the following: