New Scanning Engine [Preview]

Sysdig is developing a new scanning engine with major improvements and additional features. Some of the features offered with the first iteration of the new engine are:

  • Provides faster scan times when analyzing an image from the CI/CD pipeline or from your developer machine.
  • Offers more advanced and accurate vulnerability data, including CVSS vector scoring from different vendors and exploitability metrics.
  • Features an improved and more intuitive user experience.

The new engine is currently under development, but it can be enabled already as a Preview.

About Preview

In Sysdig parlance, Preview means showcasing a new feature that is under heavy development. In this case:

  • The new scanning engine cannot be used for production data or flows and there are no forward compatibility guarantees for the data or the configuration yet. We recommend that you do not store any data beyond testing and evaluation.

  • The new scanning engine is distinct from and independent of the existing scanning engine. For example, an image scanned with the new inline scanner is visible only in the new scanning engine's menu options.

    However, it is safe to test the new scanning engine while you are still using the current scanning engine for production. The two engines do not interfere with each other in any way.

  • The main goal of Preview is to collect feedback from you, and use it to keep advancing the feature set.

Enable the New Scanning Engine for Your Account

  1. Log in to Sysdig Secure.

  2. Navigate to Settings > User Profile.

  3. In the Sysdig Labs section, enable New Scanning Engine.

  4. Check whether the Vulnerability Management section is displayed.

Scan results from the new engine are shown separately from those of the current scanning engine, as a reminder that the data and configuration behind these interfaces are completely detached from the current engine.

Get the Inline Scanner Binary

  1. Download the inline scanner binary for your platform:

Linux

curl -LO "https://download.sysdig.com/scanning/inlinescan/inlinescan_$(curl -L -s https://download.sysdig.com/scanning/inlinescan/latest_version.txt)_linux_amd64"

MacOS

curl -LO "https://download.sysdig.com/scanning/inlinescan/inlinescan_$(curl -L -s https://download.sysdig.com/scanning/inlinescan/latest_version.txt)_darwin_amd64"

  2. On both Linux and MacOS, make the inline scanner binary executable with chmod +x ./inlinescan_<version>_<arch>. Replace <version> with the version you downloaded and <arch> with your OS and architecture.

Currently supported OS and arch:

  • linux_amd64
  • darwin_amd64

For example: ./inlinescan_0.1.0_linux_amd64

Analyze an Image with Inline Scanner

Run the following command:

SECURE_API_TOKEN=<user_API_token> ./inlinescan_<version>_<arch> --apiurl https://secure.sysdig.com mongo-express:0.54.0

You can display the inline help by running the binary with -h or --help. For example:

./inlinescan_<version>_<arch> -h

Usage

inlinescan_<version>_<arch> [OPTIONS] ImageName

Mandatory Parameters

  • SECURE_API_TOKEN: An environment variable holding your API token. Navigate to Settings > User Profile to find the API token associated with your user account.
  • API URL: --apiurl specifies the Secure backend location where you want to push the scanning results.
  • Image: The image that you want to scan. In the example given, it is mongo-express:0.54.0.
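The download and scan steps above, wrapped into one POSIX shell script suitable for a CI job. This is an added example, not Sysdig's own tooling: the download base URL, latest_version.txt, the two supported platforms and the scanner flags come from this page, while the uname mapping, the INLINESCAN_DIR cache directory and the INLINESCAN_IMAGE / SECURE_API_URL variables are assumptions of the example.

```shell
set -eu

INLINESCAN_BASE="https://download.sysdig.com/scanning/inlinescan"   # from the page
INLINESCAN_DIR="${INLINESCAN_DIR:-.}"   # assumed: where the binary is cached

# Map uname -s / uname -m to the arch suffix used in the download names.
# Only the two platforms listed on the page are accepted; anything else fails.
inlinescan_arch() {
    case "$1/$2" in
        Linux/x86_64)  echo linux_amd64 ;;
        Darwin/x86_64) echo darwin_amd64 ;;
        *) echo "unsupported platform: $1/$2" >&2; return 1 ;;
    esac
}

# Build the download URL for a version and arch (pattern from the page).
inlinescan_url() {
    echo "${INLINESCAN_BASE}/inlinescan_${1}_${2}"
}

# Fetch the binary for the latest published version unless already cached,
# mark it executable, and print its path.
inlinescan_fetch() {
    arch=$(inlinescan_arch "$(uname -s)" "$(uname -m)")
    version=$(curl -fsSL "${INLINESCAN_BASE}/latest_version.txt")
    bin="${INLINESCAN_DIR}/inlinescan_${version}_${arch}"
    if [ ! -x "$bin" ]; then
        curl -fsSL -o "$bin" "$(inlinescan_url "$version" "$arch")"
        chmod +x "$bin"
    fi
    echo "$bin"
}

# Scan one image and keep the JSON report as a pipeline artifact.
# SECURE_API_TOKEN must already be exported; a non-zero scanner exit
# propagates to the caller and fails the pipeline step.
inlinescan_run() {
    image="$1"; report="${2:-scan-result.json}"
    bin=$(inlinescan_fetch)
    "$bin" --apiurl "${SECURE_API_URL:-https://secure.sysdig.com}" \
           --apitimeout 300 --output-json "$report" "$image"
}

# Only scan when an image is named, e.g.:
#   SECURE_API_TOKEN=... INLINESCAN_IMAGE=mongo-express:0.54.0 sh scan.sh
if [ -n "${INLINESCAN_IMAGE:-}" ]; then
    inlinescan_run "$INLINESCAN_IMAGE"
fi
```

Because the preview engine ships binaries only for linux_amd64 and darwin_amd64, the script refuses other platforms up front instead of failing on a missing download.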

Arguments

ImageName: Required parameter. Specify the image name.

Help Options

-h, --help: Show the command line help.

Example

Application Options:
  -a, --apiurl=           Secure API base URL
  -t, --apitimeout=       Secure API timeout (seconds) (default: 120)
      --output-json=      Output path of the scan result report in json format
  -s, --skiptlsverify     Skip TLS certificate verification (default: false)
  -u, --skipupload        Skip the scan results upload (default: false)
  -d, --dbpath=           Database full path. By default it uses main.db.gz from the same directory
  -p, --cachepath=        Cache path
  -c, --clearcache        Clear the cache before to run (default: false)
  -l, --loglevel=         Log level (default: info)
  -o, --logfile=          File destination for logs, used if --console-log not passed
      --console-log       Force logs to console, --logfile will be ignored
      --full-vulns-table  Show the entire list of packages found

Help Options:
  -h, --help              Show this help message

Arguments:
  ImageName:              Image name

Compatibility and Supported Modes

Supported Registries and Image Types

  • Docker Registry V2-compatible
  • Docker Daemon
  • Podman
  • Docker Archive (tar)
  • OCI Archive

Supported Package Types

  • Debian
  • Alpine
  • RHEL
  • Ubuntu
  • Java Maven
  • Pypi
  • NPM (JS)
  • Ruby Gems
  • NuGet
  • Cargo (Rust)

Last modified October 13, 2021