Warning
This project is currently in heavy development and not ready for production use. Please use it only, if you know what you're doing. In the future, there will be a stable release.
DockInv helps to get an overview of used docker images across multiple servers. It uses trivy and xeol to find end-of-live or vulnerable docker images. It consists of two parts: dockinv agent and dockinv server. The agent is a simple python script that gives limited external access to the containers endpoint of the docker api. The server is a web application that collects the information and displays it in a web interface.
- Flask as web framework (with SQLAlchemy, flask_migrate, gunicorn, click, ...)
- Celery as background task runner
- Docker as deployment platform
- Trivy as vulnerability scanner
- Xeol as end-of-life scanner
- SQLite as database
At the moment, the server needs to reach the agents via http(s). Since you should not expose the agents to the
internet, there must be a secure connection between the server and the agents. The docker-compose.yml file contains a
sample agent and server setup. You can use it as a starting point. Please change the HTTP_TOKEN environment variable
of the agent to a random string (at least 32 chars). Use the cli to add the agent to the server (see below).
Since there is no web interface yet, you can use the CLI to interact with the database. The CLI is available via the
flask command. You can use the following commands:
| Command | Description |
|---|---|
flask db upgrade |
Upgrade database |
flask hosts ls |
List all hosts |
flask hosts add |
Add a new host |
flask hosts edit |
Edit a host |
flask hosts rm |
Remove a host |
flask images ls |
List all images (including the trivy and xeol results) |
flask containers ls |
List all found containers |
Use the --help flag to get more information about the commands.
You can run the server and the agent on your local machine via docker compose. The agent will be available
at http://localhost:9999/. The server will be available at http://localhost:8000.
docker compose -f docker-compose-dev.yml upThe files are mounted into the containers, so you can change the code and the changes will be reflected in the containers immediately. Since flask runs in debug mode, the server will restart automatically when you change the code. The celery worker has to be restarted manually.
Whenever you change some Dockerfile related stuff, you have to use the --build flag to rebuild the images:
docker compose -f docker-compose-dev.yml up --buildWhenever you change the database models, please create and commit a new migration:
flask db migrate -m "[your description of the changes]"- Docker Security Dashboard
- Docker Inventory
- Docker scan full host
- Docker scan all images