Install Sysdig CLI Scanner
The Sysdig Vulnerability CLI Scanner,
sysdig-cli-scanner
, is a versatile tool designed to manually scan container images and directories, whether they are located locally or remotely. Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner
in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode for scanning directoriesDeployment
The sysdig-cli-scanner
is a binary you can download and execute locally on your computer or environment.
- Download latest version of
sysdig-cli-scanner
with:
Linux:
Intel Processor (AMD64)
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
ARM Processor (ARM64)
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner"
MacOS:
Intel Processor (AMD64)
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/amd64/sysdig-cli-scanner"
Apple Silicon (M1, M2) Processor (ARM64)
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/arm64/sysdig-cli-scanner"
Optionally, you can check the sha256sum
as:
Linux:
Intel Processor (AMD64)
sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner.sha256")
ARM Processor (ARM64)
sha256sum -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/arm64/sysdig-cli-scanner.sha256")
MacOS:
Intel Processor (AMD64)
shasum -a 256 -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/amd64/sysdig-cli-scanner.sha256")
Apple Silicon (M1, M2) Processor (ARM64)
shasum -a 256 -c <(curl -sL "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/darwin/arm64/sysdig-cli-scanner.sha256")
Set the executable flag on the file:
chmod +x ./sysdig-cli-scanner
You only need to download and set executable once. Then:
You can scan images or IaC resources by running the
sysdig-cli-scanner
command:For VM mode:
SECURE_API_TOKEN=<your-api-token> ./sysdig-cli-scanner --apiurl <sysdig-api-url> <image-name>
For IaC mode:
SECURE_API_TOKEN=<your-api-token> ./sysdig-cli-scanner --iac --apiurl <sysdig-api-url> <PathsToScan>
Next Steps
Continue with one of the following:
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.