Sysdig Platform CLI - Runtime scanning
This section explains concepts and notations in the set of the Runtime scanning commands provided.
Usage
The Runtime scanning subsection allows the user to list all the scans performed by Sysdig Secure to the running images in the infrastructure.
$ sdc-cli scanning runtime --help
Usage: sdc-cli scanning runtime [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
list List runtime containers
Listing runtime scans
The list subcommand accepts the following parameters:
$ sdc-cli scanning runtime list --help
Usage: sdc-cli scanning runtime list [OPTIONS]
Options:
--scope TEXT An AND-composed string of predicates that selects the scope
in which the alert will be applied. (like: 'kubernetes.namespace.name = "example-java-app" and "kubernetes.deployment.name = "example-java-app-redis"')
--skip-policy No policy evaluations will be triggered for the images.
--start TEXT Start of the time range.
--end TEXT End of the time range.
--help Show this message and exit.
The start and end time ranges expect a unix time in microseconds.
Example: List all the runtime images scan results
sdc-cli scanning runtime list
imageId tag repo policyEvalStatus
5171bb7306e91c56fb70801bd97fde28d08d04d7b0c79de35793b915e5172272 0.2 docker.io/bencer/example-voting-app-voter fail
cb0b1e16d711445da3f2e785bf91beeeeb460451c556ec5b0f30e1e72f678b39 metrics-1 docker.io/bencer/hash-browns fail
15858f141bbfdaec442ab7056f13e6b3af8fcb0725a339dba462f6ce883078cc v3.13.3 docker.io/calico/kube-controllers pass
3efc460414d9c653856724597620c005190df0c42472981fbd88612647a1d2de v3.13.3 docker.io/calico/node fail
4c042930982d4ccae6e7619bcf590d242ed0abbc9a72c066c77451027e202dff 2.0.16 docker.io/cassandra fail
f6dcff9b59af55f031c7fe19a19930aa54ac9213986f4def36cee02811758337 latest docker.io/debian fail
22fccd4fab0aabda3241c96b60a59b477ba4a25fbba1a176a54a30346386479e 7.0.3 docker.io/grafana/grafana pass
89ec51554c461239f0f6287beafe066501600fc153af56f3a9dc656667153a92 7.0.5 docker.io/grafana/grafana pass
b6d365b943aabe84c2541d734157a7f15418499880d60dadd9fb0cc1afc8066e 1.5.0 docker.io/istio/citadel fail
eefdac798f8f0586dfd3c711ab878e6d04fd3a6c16dad48573b45561551f7f92 1.15.0 docker.io/istio/examples-bookinfo-details-v1 fail
8e754b2df1fef0ade3039b9247b6ffffd7acf7726e1d733a1237ac00bb5d78cc 1.15.0 docker.io/istio/examples-bookinfo-productpage-v1 fail
c5525808d27e72d4c9dd370bdf4ab1c69bf84055b1949a1d67c1be6e9e7e5e1f 1.15.0 docker.io/istio/examples-bookinfo-ratings-v1 fail
Example: List runtime images scan results with filters
sdc-cli scanning runtime list --scope 'kubernetes.namespace.name = "example-java-app" and kubernetes.deployment.name = "example-java-app-redis"'
imageId tag repo policyEvalStatus
990e1f57798f433364379cf2583702d843defb7630d8d1bb12dcdc6ce3d91ddb 2.8.19 docker.io/redis fail