Running a Docker Images Plugin Scan with Command-Line Options
The following procedure initiates a Docker Images plugin scan using command-line options instead of the properties file.
The launch process automatically stores the Docker image in the /tmp directory on the machine where the Docker Images plugin is installed. The image contents are then extracted and scanned in this directory and, once the scan completes, the artifacts are deleted from the directory.
Consider the following when using the command-line method to run a scan:
- The available command-line options basically correspond to the properties labeled as required (except for plugin.name) in the properties file code-insight.docker.props. The command-line method does not support options corresponding to the properties labeled as optional in that file. (If you have used the properties file previously, you can reference it to help you determine what values to supply for the required command-line options.)
- The command must include all the options described in this section (with the exception of the -tmpdir parameter, which you can use to specify a custom temporary directory for storing Docker image files).
- During the scan, the command-line options overwrite the values of the corresponding properties in code-insight.docker.props.
To run a Docker Images plugin scan using command-line options, do the following:
- Extract the Docker Images plugin subfolder from the CodeInsightversionPlugins.zip file, and copy it to the Docker server. For more information, see Downloading Plugins.
- From a command line, run a java command in this format:

    java -Dflx.agent.logLevel=info -jar code-insight-docker-plugin-<VERSION>.jar -server "<CODEINSIGHT_SERVER_HOSTNAME>:<PORT>/<CODEINSIGHT_SERVER_PATH>" -token "Bearer <JWT_TOKEN>" -proj "<CODEINSIGHT_PROJECT_NAME>" -root "</path/to/the/codebase>" -image "<IMAGE_NAME>" -alias "<SCAN_AGENT_ALIAS>" -tmpdir "<custom_path>"

  For example:

    java -Dflx.agent.logLevel=info -jar code-insight-docker-plugin-2.4.3.jar -server "http://1.1.1.1:8888/codeinsight" -token "Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsInVzZXJJZCI6MSwiaWF0IjoxNjg1OTQxNzg3fQ.IPuvTWeZyqRuj9PAG8eiG7N7ddY4Nuc3QRPRCwMkBhxRofw4A7gOJ-JDdNGlfaXoNa0QElTesoSMxbER8pXlQuuTbe7e" -proj "libc_proj_1" -root "/users/jsmith/work/scatch" -image "alpinelinux:4.4" -alias "docker45" -tmpdir "c:/mystuff/scantemp"

  Refer to the following table for a description of the arguments.
| Command-Line Option | Description | Corresponding Property in Properties File |
| --- | --- | --- |
| -jar code-insight-docker-plugin-<VERSION>.jar | Replace <VERSION> with the build version of the .jar file used to run the plugin scan. You can locate the version in the name of the .jar file installed with the plugin. For example: -jar code-insight-docker-plugin-2.4.3.jar | N/A |
| -server "<CODEINSIGHT_SERVER_HOSTNAME>:<PORT>/<CODEINSIGHT_SERVER_PATH>" | Replace the following with the appropriate values to identify the URL for Code Insight Core Server: <CODEINSIGHT_SERVER_HOSTNAME>:<PORT>/<CODEINSIGHT_SERVER_PATH>. For example: -server "http://1.1.1.1:8888/codeinsight" | codeinsight.server |
| -token "Bearer <JWT_TOKEN>" | Replace <JWT_TOKEN> with a JSON Web Token (JWT) used to authorize user access to the Code Insight functionality. Generate this token using the Code Insight Web UI and then copy and paste it here. Be sure to include the prefix “Bearer” followed by the token value. For example: -token "Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsInVzZXJJZ..." For more information about generating this token, see Providing an Authorization Token. | codeinsight.auth.token |
| -proj "<CODEINSIGHT_PROJECT_NAME>" | Replace <CODEINSIGHT_PROJECT_NAME> with the name of the project created in Code Insight to capture the scan results. For example: -proj "libc_proj_1" | codeinsight.project.name |
| -root "</path/to/the/codebase>" | Replace </path/to/the/codebase> with the path where the Docker Images plugin will be executing. For example: -root "/users/jsmith/work/scatch" The user executing the plugin must have write permission on this path. | plugin.root.path |
| -image "<IMAGE_NAME>" | Replace <IMAGE_NAME> with the name of the Docker image that the plugin is to scan. For example: -image "alpinelinux:4.4" If the image name contains a forward slash (/), ensure a valid tag is used with the name. See Important Note About an Image Name Containing a “/” in the Command. | N/A |
| -alias "<SCAN_AGENT_ALIAS>" | Replace <SCAN_AGENT_ALIAS> with the name that you want to give to the scan-agent plugin. This alias is then used as the name of the “container” (scan root) under which all the files scanned in this instance will be listed in the API output and in the file tree in the Analysis Workbench. The name must be unique within the project. For example: -alias "docker45" | plugin.alias.name |
| -tmpdir "<CUSTOM_PATH>" | (Optional) Replace <CUSTOM_PATH> with the desired path for storing and processing the image. (By default, the scan uses the /tmp directory.) For more information about this optional parameter, see Specifying a Temporary Directory of Your Choice. | N/A |
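
The following pre-flight wrapper is an added example, not part of the Code Insight documentation or plugin. It checks the requirements stated in the table (the "Bearer" prefix, a writable -root, a tag on image names containing "/") and passes a private directory as -tmpdir; the function names, the JAR variable and the ci-docker-scan directory prefix are assumptions, and only the java options come from this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for the documented scan command.
# Function names and the JAR variable are assumptions of this sketch.
JAR=${JAR:-code-insight-docker-plugin-2.4.3.jar}  # version from the page's example

# -token must be "Bearer " followed by a non-empty value.
check_token() {
  case "$1" in "Bearer "?*) return 0 ;; *) return 1 ;; esac
}

# An image name containing "/" needs a tag on its last path component;
# a ":" in a registry host:port part does not count as a tag.
check_image() {
  case "$1" in
    "")  return 1 ;;
    */*) case "${1##*/}" in ?*:?*) return 0 ;; *) return 1 ;; esac ;;
    *)   return 0 ;;
  esac
}

# -root must be an existing directory the current user can write to.
check_root() { [ -d "$1" ] && [ -w "$1" ]; }

# Private (mode 0700) directory for -tmpdir instead of the shared /tmp.
make_scan_tmpdir() { mktemp -d "${1:-/tmp}/ci-docker-scan.XXXXXX"; }

# Print one line per failed check; the return status is the failure count.
preflight() {  # args: server token project root image alias
  fails=0
  [ -n "$1" ]      || { echo "server: empty"; fails=$((fails + 1)); }
  check_token "$2" || { echo "token: expected 'Bearer <JWT_TOKEN>'"; fails=$((fails + 1)); }
  [ -n "$3" ]      || { echo "proj: empty"; fails=$((fails + 1)); }
  check_root "$4"  || { echo "root: not a writable directory"; fails=$((fails + 1)); }
  check_image "$5" || { echo "image: name with '/' needs a tag"; fails=$((fails + 1)); }
  [ -n "$6" ]      || { echo "alias: empty"; fails=$((fails + 1)); }
  return "$fails"
}

# Run the scan with the page's options once every check passes.
run_scan() {  # args: server token project root image alias
  preflight "$@" >&2 || return 1
  tmp=$(make_scan_tmpdir) || return 1
  rc=0
  java -Dflx.agent.logLevel=info -jar "$JAR" -server "$1" -token "$2" \
    -proj "$3" -root "$4" -image "$5" -alias "$6" -tmpdir "$tmp" || rc=$?
  rm -rf "$tmp"   # remove the private directory after the scan
  return "$rc"
}
```

Because the JWT is passed as a command-line argument, supply it to run_scan from a variable or a file readable only by the scanning user rather than typing it inline, so it does not land in shell history.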