Tool to check generic rules/best-practices for containers/images/dockerfiles.
Project description
# Colin
[](https://www.codacy.com/app/user-cont/colin?utm_source=github.com&utm_medium=referral&utm_content=user-cont/colin&utm_campaign=Badge_Grade)
[](https://ci.centos.org/job/user-cont-colin-master/)
Tool to check generic rules and best-practices for container images and dockerfiles.
For more information, please check our [documentation on colin.readthedocs.io](https://colin.readthedocs.io/en/latest/).
# Features
* Validate a selected artifact against a ruleset.
* Artifacts can be container images and dockerfiles.
* We provide a default ruleset we believe every container image should satisfy.
* There is a ruleset to validate an artifact whether it complies to [Fedora Container Guidelines](https://fedoraproject.org/wiki/Container:Guidelines)
* Colin can list available rulesets and list checks in a ruleset.
* There is a python API available
* Colin can be integrated into your workflow easily - it can provide results in json format.
## Installation
### Via `pip`
If you are on Fedora distribution, please install python3-pyxattr so you don't
have to compile it yourself when getting it from PyPI.
```bash
$ pip3 install --user colin
```
### On Fedora distribution
colin is packaged in official Fedora repositories:
```
$ dnf install -y colin
```
## Usage
```
$ colin -h
Usage: colin [OPTIONS] COMMAND [ARGS]...
COLIN -- Container Linter
Options:
-V, --version Show the version and exit.
-h, --help Show this message and exit.
Commands:
check Check the image/dockerfile (default).
list-checks Print the checks.
list-rulesets List available rulesets.
```
```
$ colin check -h
Usage: colin check [OPTIONS] TARGET
Check the image/dockerfile (default).
Options:
-r, --ruleset TEXT Select a predefined ruleset (e.g. fedora).
-f, --ruleset-file FILENAME Path to a file to use for validation (by
default they are placed in
/usr/share/colin/rulesets).
--debug Enable debugging mode (debugging logs, full
tracebacks).
--json FILENAME File to save the output as json to.
-s, --stat Print statistics instead of full results.
-t, --tag TEXT Filter checks with the tag.
-v, --verbose Verbose mode.
--checks-path DIRECTORY Path to directory containing checks (default
['/home/flachman/.local/lib/python3.6/site-
packages/colin/checks']).
--pull Pull the image from registry.
--target-type TEXT Type of selected target (one of image,
dockerfile, ostree). For ostree,
please specify image name and path like this:
image@path
--insecure Pull from an insecure registry (HTTP or invalid
TLS).
-h, --help Show this message and exit.
```
Let's give it a shot:
```
$ colin -f ./rulesets/fedora.json fedora:27
LABELS:
FAIL:Label 'maintainer' has to be specified.
PASS:Label 'name' has to be specified.
FAIL:Label 'com.redhat.component' has to be specified.
FAIL:Label 'summary' has to be specified.
PASS:Label 'version' has to be specified.
FAIL:Label 'usage' has to be specified.
FAIL:Label 'release' has to be specified.
FAIL:Label 'architecture' has to be specified.
WARN:Label 'url' has to be specified.
WARN:Label 'help' has to be specified.
WARN:Label 'build-date' has to be specified.
WARN:Label 'distribution-scope' has to be specified.
WARN:Label 'vcs-ref' has to be specified.
...
```
### Directly from git
It's possible to use colin directly from git:
```
$ git clone https://github.com/user-cont/colin.git
$ cd colin
```
We can now run the analysis:
```
$ python3 -m colin.cli.colin -f ./rulesets/fedora.json fedora:27
FAIL:Label 'architecture' has to be specified.
FAIL:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
FAIL:Label 'distribution-scope' has to be specified.
FAIL:Label 'help' has to be specified.
FAIL:Label 'io.k8s.description' has to be specified.
FAIL:Label 'url' has to be specified.
FAIL:Label 'vcs-ref' has to be specified.
FAIL:Label 'vcs-type' has to be specified.
FAIL:Label 'vcs-url' has to be specified.
FAIL:Label 'com.redhat.component' has to be specified.
FAIL:Label 'maintainer' has to be specified.
FAIL:Label 'name' has to be specified.
FAIL:Label 'release' has to be specified.
FAIL:Label 'summary' has to be specified.
FAIL:Label 'version' has to be specified.
FAIL:Cmd or Entrypoint has to be specified
ERROR:The 'helpfile' has to be provided.
FAIL:Service should not run as root by default.
FAIL:Label 'usage' has to be specified.
FAIL:21 ERROR:1
```
### Exit codes
Colin can exit with several codes:
- `0` --> OK
- `1` --> error in the execution
- `2` --> CLI error, wrong parameters
- `3` --> at least one check failed
[](https://www.codacy.com/app/user-cont/colin?utm_source=github.com&utm_medium=referral&utm_content=user-cont/colin&utm_campaign=Badge_Grade)
[](https://ci.centos.org/job/user-cont-colin-master/)
Tool to check generic rules and best-practices for container images and dockerfiles.
For more information, please check our [documentation on colin.readthedocs.io](https://colin.readthedocs.io/en/latest/).
# Features
* Validate a selected artifact against a ruleset.
* Artifacts can be container images and dockerfiles.
* We provide a default ruleset we believe every container image should satisfy.
* There is a ruleset to validate an artifact whether it complies to [Fedora Container Guidelines](https://fedoraproject.org/wiki/Container:Guidelines)
* Colin can list available rulesets and list checks in a ruleset.
* There is a python API available
* Colin can be integrated into your workflow easily - it can provide results in json format.
## Installation
### Via `pip`
If you are on Fedora distribution, please install python3-pyxattr so you don't
have to compile it yourself when getting it from PyPI.
```bash
$ pip3 install --user colin
```
### On Fedora distribution
colin is packaged in official Fedora repositories:
```
$ dnf install -y colin
```
## Usage
```
$ colin -h
Usage: colin [OPTIONS] COMMAND [ARGS]...
COLIN -- Container Linter
Options:
-V, --version Show the version and exit.
-h, --help Show this message and exit.
Commands:
check Check the image/dockerfile (default).
list-checks Print the checks.
list-rulesets List available rulesets.
```
```
$ colin check -h
Usage: colin check [OPTIONS] TARGET
Check the image/dockerfile (default).
Options:
-r, --ruleset TEXT Select a predefined ruleset (e.g. fedora).
-f, --ruleset-file FILENAME Path to a file to use for validation (by
default they are placed in
/usr/share/colin/rulesets).
--debug Enable debugging mode (debugging logs, full
tracebacks).
--json FILENAME File to save the output as json to.
-s, --stat Print statistics instead of full results.
-t, --tag TEXT Filter checks with the tag.
-v, --verbose Verbose mode.
--checks-path DIRECTORY Path to directory containing checks (default
['/home/flachman/.local/lib/python3.6/site-
packages/colin/checks']).
--pull Pull the image from registry.
--target-type TEXT Type of selected target (one of image,
dockerfile, ostree). For ostree,
please specify image name and path like this:
image@path
--insecure Pull from an insecure registry (HTTP or invalid
TLS).
-h, --help Show this message and exit.
```
Let's give it a shot:
```
$ colin -f ./rulesets/fedora.json fedora:27
LABELS:
FAIL:Label 'maintainer' has to be specified.
PASS:Label 'name' has to be specified.
FAIL:Label 'com.redhat.component' has to be specified.
FAIL:Label 'summary' has to be specified.
PASS:Label 'version' has to be specified.
FAIL:Label 'usage' has to be specified.
FAIL:Label 'release' has to be specified.
FAIL:Label 'architecture' has to be specified.
WARN:Label 'url' has to be specified.
WARN:Label 'help' has to be specified.
WARN:Label 'build-date' has to be specified.
WARN:Label 'distribution-scope' has to be specified.
WARN:Label 'vcs-ref' has to be specified.
...
```
### Directly from git
It's possible to use colin directly from git:
```
$ git clone https://github.com/user-cont/colin.git
$ cd colin
```
We can now run the analysis:
```
$ python3 -m colin.cli.colin -f ./rulesets/fedora.json fedora:27
FAIL:Label 'architecture' has to be specified.
FAIL:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
FAIL:Label 'distribution-scope' has to be specified.
FAIL:Label 'help' has to be specified.
FAIL:Label 'io.k8s.description' has to be specified.
FAIL:Label 'url' has to be specified.
FAIL:Label 'vcs-ref' has to be specified.
FAIL:Label 'vcs-type' has to be specified.
FAIL:Label 'vcs-url' has to be specified.
FAIL:Label 'com.redhat.component' has to be specified.
FAIL:Label 'maintainer' has to be specified.
FAIL:Label 'name' has to be specified.
FAIL:Label 'release' has to be specified.
FAIL:Label 'summary' has to be specified.
FAIL:Label 'version' has to be specified.
FAIL:Cmd or Entrypoint has to be specified
ERROR:The 'helpfile' has to be provided.
FAIL:Service should not run as root by default.
FAIL:Label 'usage' has to be specified.
FAIL:21 ERROR:1
```
### Exit codes
Colin can exit with several codes:
- `0` --> OK
- `1` --> error in the execution
- `2` --> CLI error, wrong parameters
- `3` --> at least one check failed
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
colin-0.2.0.tar.gz
(3.3 MB
view details)
Built Distributions
colin-0.2.0-py3-none-any.whl
(60.3 kB
view details)
colin-0.2.0-py2-none-any.whl
(60.3 kB
view details)
File details
Details for the file colin-0.2.0.tar.gz.
File metadata
- Download URL: colin-0.2.0.tar.gz
- Upload date:
- Size: 3.3 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.2.0 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 28393d0a2d21204b55b709edf58f57af83910de0f1d2cdbc4877451cf43108d6 |
|
| MD5 | 262a0c106cd9617f4bfff7d8d374ccbb |
|
| BLAKE2b-256 | 0207dab6f0f27593c85bf5944dbe70b8cc08ec5c35b6b7947f2f5489aa5140d6 |
File details
Details for the file colin-0.2.0-py3-none-any.whl.
File metadata
- Download URL: colin-0.2.0-py3-none-any.whl
- Upload date:
- Size: 60.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.2.0 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4be5e9851d07e1fb8446df22ccd3c91bed208904f495cffef8a1e55921df75d5 |
|
| MD5 | d5a1c358a6858fae69da2f0104563758 |
|
| BLAKE2b-256 | 5b9973da95ae4595bd717a0d0f3ea2bcd9dcfdaa2572c8dfb567a68207bc6f80 |
File details
Details for the file colin-0.2.0-py2-none-any.whl.
File metadata
- Download URL: colin-0.2.0-py2-none-any.whl
- Upload date:
- Size: 60.3 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.2.0 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3ae1c1900b8dc059f3ae56d5f70a80e5d9c0fec11376d97b5107bcc91a132b05 |
|
| MD5 | 32c1c3225ea9b4befbe9691589051918 |
|
| BLAKE2b-256 | 87d0f31c44159dc264924ff36145cd28bd0a11292f2d4c12283dd18200c7054e |
