Skip to main content

Tool to check generic rules/best-practices for containers/images/dockerfiles.

Project description

Colin

PyPI PyPI - License PyPI - Python Version PyPI - Status Codacy Badge Build Status

Tool to check generic rules and best-practices for container images and dockerfiles.

For more information, please check our documentation on colin.readthedocs.io.

example

Features

  • Validate a selected artifact against a ruleset.
  • Artifacts can be container images and dockerfiles.
  • We provide a default ruleset we believe every container image should satisfy.
  • There is a ruleset to validate an artifact whether it complies to Fedora Container Guidelines
  • Colin can list available rulesets and list checks in a ruleset.
  • There is a python API available
  • Colin can be integrated into your workflow easily - it can provide results in json format.

Installation

Via pip

If you are on Fedora distribution, please install python3-pyxattr so you don't have to compile it yourself when getting it from PyPI.

$ pip3 install --user colin

colin is supported on python 3.6+ only.

On Fedora distribution

colin is packaged in official Fedora repositories:

$ dnf install -y colin

Requirements

  • For checking image target-type, you have to install podman. If you need to check local docker images, you need to prefix your images with docker-daemon (e.g. colin check docker-daemon:docker.io/openshift/origin-web-console:v3.11).

  • If you want to use oci target, you need to install following tools:

Usage

$ colin --help
Usage: colin [OPTIONS] COMMAND [ARGS]...

  COLIN -- Container Linter

Options:
  -V, --version  Show the version and exit.
  -h, --help     Show this message and exit.

Commands:
  check          Check the image/dockerfile (default).
  info           Show info about colin and its dependencies.
  list-checks    Print the checks.
  list-rulesets  List available rulesets.
$ colin check --help
Usage: colin check [OPTIONS] TARGET

  Check the image/dockerfile (default).

Options:
  -r, --ruleset TEXT           Select a predefined ruleset (e.g. fedora).
  -f, --ruleset-file FILENAME  Path to a file to use for validation (by
                               default they are placed in
                               /usr/share/colin/rulesets).
  --debug                      Enable debugging mode (debugging logs, full
                               tracebacks).
  --json FILENAME              File to save the output as json to.
  --stat                       Print statistics instead of full results.
  -s, --skip TEXT              Name of the check to skip. (this option is
                               repeatable)
  -t, --tag TEXT               Filter checks with the tag.
  -v, --verbose                Verbose mode.
  --checks-path DIRECTORY      Path to directory containing checks (default
                               ['/home/flachman/.local/lib/python3.7/site-
                               packages/colin/checks']).
  --pull                       Pull the image from registry.
  --target-type TEXT           Type of selected target (one of image,
                               dockerfile, oci). For oci, please specify
                               image name and path like this: oci:path:image
  --timeout INTEGER            Timeout for each check in seconds.
                               (default=600)
  --insecure                   Pull from an insecure registry (HTTP or invalid
                               TLS).
  -h, --help                   Show this message and exit.

Let's give it a shot:

$ colin -f ./rulesets/fedora.json registry.fedoraproject.org/f29/cockpit
PASS:Label 'architecture' has to be specified.
PASS:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
PASS:Label 'distribution-scope' has to be specified.
:
:
PASS:10 FAIL:8

Directly from git

It's possible to use colin directly from git:

$ git clone https://github.com/user-cont/colin.git
$ cd colin

We can now run the analysis:

$ python3 -m colin.cli.colin -f ./rulesets/fedora.json registry.fedoraproject.org/f29/cockpit
PASS:Label 'architecture' has to be specified.
PASS:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
PASS:Label 'distribution-scope' has to be specified.
:
:
PASS:10 FAIL:8

Exit codes

Colin can exit with several codes:

  • 0 --> OK
  • 1 --> error in the execution
  • 2 --> CLI error, wrong parameters
  • 3 --> at least one check failed

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

colin-0.5.3.tar.gz (604.4 kB view details)

Uploaded Source

Built Distribution

colin-0.5.3-py3-none-any.whl (78.1 kB view details)

Uploaded Python 3

File details

Details for the file colin-0.5.3.tar.gz.

File metadata

  • Download URL: colin-0.5.3.tar.gz
  • Upload date:
  • Size: 604.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.63.0 importlib-metadata/4.11.3 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10

File hashes

Hashes for colin-0.5.3.tar.gz
Algorithm Hash digest
SHA256 5fd718c1e1d2270ace39225c4c8b8cecdf5fb29664fe361c0107a54a55bd500d
MD5 a6e69fe2d32a1a2c4e5337dd172786d9
BLAKE2b-256 4efd2608a6a723893fc09f7f3f58b1d4932f43773ef46e69b3b000bf56625d9a

See more details on using hashes here.

File details

Details for the file colin-0.5.3-py3-none-any.whl.

File metadata

  • Download URL: colin-0.5.3-py3-none-any.whl
  • Upload date:
  • Size: 78.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.63.0 importlib-metadata/4.11.3 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10

File hashes

Hashes for colin-0.5.3-py3-none-any.whl
Algorithm Hash digest
SHA256 a0d6ac0b72a1c2d5a7c5d29fb0d83edc7159887c2eff39b5bfc16c7f2a818e76
MD5 1731ee54a83491c6288da1e13211c158
BLAKE2b-256 c8b28b7815bcd06ada5731ae2fb6494d60b3106fa82a53596b69628c511144b1

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page