veinmind-vuln scans containers and images for asset information and vulnerability information.
- Scan the image/container for OS information
- Scan images/containers for system-installed packages
- Scan the image/container for libraries installed in the app
- Scan images/containers for known CVEs (beta)

Supported platforms:
- linux/amd64
- linux/386
- linux/arm64
- linux/arm
Please install libveinmind first; for installation instructions, see the [official documentation](https://github.com/chaitin/libveinmind).
make run ARG="scan xxx"
Compile the executable
make build
Run the executable file for scanning
chmod +x veinmind-vuln && ./veinmind-vuln scan xxx
Make sure you have 'docker' and 'docker-compose' installed on your machine
make run.docker ARG="scan xxxx"
Build the 'veinmind-vuln' image
make build.docker
Run the container to scan
docker run --rm -it --mount 'type=bind,source=/,target=/host,readonly,bind-propagation=rslave' veinmind-vuln scan xxx
1. Specify the image name or image ID and scan (the image must exist locally)
./veinmind-vuln scan image [imageID/imageName]
2. Scan all local images
./veinmind-vuln scan image
3. Specify the container name or container ID and scan
./veinmind-vuln scan container [containerID/containerName]
4. Scan all local containers
./veinmind-vuln scan container
5. Specify the output format. Supported output formats:
- html
- json
- cli (default)
./veinmind-vuln scan image [imageID/imageName] -f html
The report is generated as result.html.
6. Show details
./veinmind-vuln scan image [imageID/imageName] -v
7. Display specific types of information
./veinmind-vuln scan image [imageID/imageName] --type [os/python/npm/jar.....]
8. Scan only asset information
./veinmind-vuln scan image [imageID/imageName] --only-asset