Tool to check generic rules/best-practices for containers/images/dockerfiles.
Project description
Colin
Tool to check generic rules and best-practices for container images and dockerfiles.
For more information, please check our documentation on colin.readthedocs.io.
Features
- Validate a selected artifact against a ruleset.
- Artifacts can be container images and dockerfiles.
- We provide a default ruleset we believe every container image should satisfy.
- There is a ruleset to validate an artifact whether it complies to Fedora Container Guidelines
- Colin can list available rulesets and list checks in a ruleset.
- There is a python API available
- Colin can be integrated into your workflow easily - it can provide results in json format.
Installation
Via pip
If you are on Fedora distribution, please install python3-pyxattr so you don't have to compile it yourself when getting it from PyPI.
$ pip3 install --user colin
colin is supported on python 3.6+ only.
On Fedora distribution
colin is packaged in official Fedora repositories:
$ dnf install -y colin
Requirements
-
For checking
imagetarget-type, you have to install podman. If you need to check local docker images, you need to prefix your images withdocker-daemon(e.g.colin check docker-daemon:docker.io/openshift/origin-web-console:v3.11). -
If you want to use
ocitarget, you need to install following tools:
Usage
$ colin --help
Usage: colin [OPTIONS] COMMAND [ARGS]...
COLIN -- Container Linter
Options:
-V, --version Show the version and exit.
-h, --help Show this message and exit.
Commands:
check Check the image/dockerfile (default).
info Show info about colin and its dependencies.
list-checks Print the checks.
list-rulesets List available rulesets.
$ colin check --help
Usage: colin check [OPTIONS] TARGET
Check the image/dockerfile (default).
Options:
-r, --ruleset TEXT Select a predefined ruleset (e.g. fedora).
-f, --ruleset-file FILENAME Path to a file to use for validation (by
default they are placed in
/usr/share/colin/rulesets).
--debug Enable debugging mode (debugging logs, full
tracebacks).
--json FILENAME File to save the output as json to.
--stat Print statistics instead of full results.
-s, --skip TEXT Name of the check to skip. (this option is
repeatable)
-t, --tag TEXT Filter checks with the tag.
-v, --verbose Verbose mode.
--checks-path DIRECTORY Path to directory containing checks (default
['/home/flachman/.local/lib/python3.7/site-
packages/colin/checks']).
--pull Pull the image from registry.
--target-type TEXT Type of selected target (one of image,
dockerfile, oci). For oci, please specify
image name and path like this: oci:path:image
--timeout INTEGER Timeout for each check in seconds.
(default=600)
--insecure Pull from an insecure registry (HTTP or invalid
TLS).
-h, --help Show this message and exit.
Let's give it a shot:
$ colin -f ./rulesets/fedora.json registry.fedoraproject.org/f29/cockpit
PASS:Label 'architecture' has to be specified.
PASS:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
PASS:Label 'distribution-scope' has to be specified.
:
:
PASS:10 FAIL:8
Directly from git
It's possible to use colin directly from git:
$ git clone https://github.com/user-cont/colin.git
$ cd colin
We can now run the analysis:
$ python3 -m colin.cli.colin -f ./rulesets/fedora.json registry.fedoraproject.org/f29/cockpit
PASS:Label 'architecture' has to be specified.
PASS:Label 'build-date' has to be specified.
FAIL:Label 'description' has to be specified.
PASS:Label 'distribution-scope' has to be specified.
:
:
PASS:10 FAIL:8
Exit codes
Colin can exit with several codes:
0--> OK1--> error in the execution2--> CLI error, wrong parameters3--> at least one check failed
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file colin-0.5.0.tar.gz.
File metadata
- Download URL: colin-0.5.0.tar.gz
- Upload date:
- Size: 605.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a24a2afda2b6946fafd18cddfedd0f503cbc866c6e98f30a81b7fa5dc76115c4 |
|
| MD5 | a2cd0fb6833d65063bbb827cdbcb771a |
|
| BLAKE2b-256 | 68b0aec7edc577f4234989558b48eec57ca3276f75557dec7de347b4f1f32af4 |
File details
Details for the file colin-0.5.0-py3-none-any.whl.
File metadata
- Download URL: colin-0.5.0-py3-none-any.whl
- Upload date:
- Size: 78.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3d85a2cc2431751c83a79b07d21bdcd7b3e50acccfab987071d394ae2dcdb2b1 |
|
| MD5 | 30c192c53e6b53e28b8b7bd15bba6cec |
|
| BLAKE2b-256 | 4958854331bfd29081b806a92ef41777538f809eb9ed69894b315502d30973db |
