Install Sysdig CLI Scanner

The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to manually scan container images and directories, whether they are located locally or remotely. Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode for scanning directories

Deployment

The sysdig-cli-scanner is a binary you can download and execute locally on your computer or environment.

Download latest version of sysdig-cli-scanner with:

Linux:

Intel Processor (AMD64)

curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"

ARM Processor (ARM64)

curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner"

MacOS:

Intel Processor (AMD64)

curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/amd64/sysdig-cli-scanner"

Apple Silicon (M1, M2) Processor (ARM64)

curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/arm64/sysdig-cli-scanner"

Optionally, you can check the sha256sum as:

Linux:

Intel Processor (AMD64)

sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner.sha256")

ARM Processor (ARM64)

sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner.sha256")

MacOS:

Intel Processor (AMD64)

shasum -a 256 -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/amd64/sysdig-cli-scanner.sha256")

Apple Silicon (M1, M2) Processor (ARM64)

shasum -a 256 -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/arm64/sysdig-cli-scanner.sha256")

Set the executable flag on the file:
```
chmod +x ./sysdig-cli-scanner
```
You only need to download and set executable once. Then:

You can scan images or IaC resources by running the sysdig-cli-scanner command:

For VM mode:

SECURE_API_TOKEN=<your-api-token> ./sysdig-cli-scanner --apiurl <sysdig-api-url> <image-name>

For IaC mode:

SECURE_API_TOKEN=<your-api-token> ./sysdig-cli-scanner --iac --apiurl <sysdig-api-url> <PathsToScan>

Next Steps

Continue with one of the following:

Run sysdig-cli-scanner in VM mode.
Run sysdig-cli-scanner in IaC mode.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.