Tool to scan a container image's rootfs

image-rootfs-scanner

A tool to pull and scan the rootfs of any container image for different binaries. It started out as a means of finding "restricted" binaries, e.g. binaries that we'd prefer not be in an image, such as shells, curl, etc, hence the defaults.

This project should only be used to scan trusted images. It is not designed to find things that someone is trying to hide, just as a safeguard to find things that were forgotten.

Note, this does not scan individual layers, only the final rootfs. Again, the intent is to limit what is available inside a container, not to prevent a binary from being on the host machine.

Out of the box it depends on a containerd daemon running to connect to, however you can configure it to run stand-alone with data being stored in the specified root location (default is in your home dir).

It currently requires a user with CAP_SYS_ADMIN (e.g. root) in order to mount things. I do have some work done to allow this to run as an unprivileged user and mount using fuse-overlayfs, but there is still some work to do to make that happen.

Usage

This assumes you have containerd up and running with the default socket location (/run/containerd/containerd.sock). You must provide the full canonical URL to an image, e.g. instead of ubuntu => docker.io/library/ubuntu:latest. It outputs a report which you can customize if needed (see the --format flag).

$ sudo image-rootfs-scanner docker.io/library/busybox:latest
docker.io/library/busybox:latest MATCH ["nc","sh","wget"]

The report has three columns, the image ref, the status, and a json encoded value of the data. If there is an error it will be in the report, example for running without the needed privileges:

docker.io/library/busybox:latest ERROR {"error": "error mounting rootfs: operation not permitted"}

Fields

The available template fields for the report (available to --format) are:

  • .Ref - The image reference used to fetch the image
  • .Found - An array of found binaries
  • .Status - Stringified status. ERROR if there was an error, MATCH there are found binaries, and NONE for no matches.
  • .Data - json representation of the data, such as an error or the matched binaries.
  • .HasMatches - Boolean for len(found) >= 1
  • .HasError - Boolean for if there is an error
  • .Manifest - Text marshalling of the continuity manifest
  • .ManifestProto - Protobuf marshalling of the continuity manifest

By default this scans for several different things such as bash, zsh, ssh, curl, and more. See --help for the full list. You can also customize it to only look in a specific location instead of / recursively.

Matching

There is a default template provided to match certain binaries in a bin/ directory. You can customize this by changing the --match flag. The value of this flag is a go-template which must evaluate to a boolean value which can be parsed by Go's strconv.ParseBool.

In addition to Go's builtin template functions, we provide:

  • regexp which takes two string arguments. The first argument is the value you want to evaluate. The second argument is the regular expression you want to use to match with. Example: {{ regexp .Path "bin/(bash|sh)$" }}
  • exec which runs whatever command+args you tell it to run. An exit code of 0 means true, exit code 1 means false. Any other exit code is an error condition. Stdin contains the json encoded resource. Anything you write to stdout/stderr will be used to write the error message. Example: {{ exec "/bin/sh", "-c", "[ \"$(jq .path <@0)\" = \"/bin/sh\" ]" }}. This evaluates if the path of the source is /bin/sh and signals a match if so. This is executed in the context of the scanner tool, not the image being processed.

Building

The tool is only able to work on Linux for now

Requires go with go modules support, then go build You can also build with Docker:

$ docker build --output=bin/ --platform=local .

or

$ docker build --output=bin/ --platform=local https://github.com/Azure/image-rootfs-scanner.git

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Owner
Microsoft Azure
APIs, SDKs and open source projects from Microsoft Azure
Microsoft Azure
https://github.com/Azure/image-rootfs-scanner
Comments
  • Bump golangci/golangci-lint-action from 2 to 3.1.0

    Bump golangci/golangci-lint-action from 2 to 3.1.0

    Bumps golangci/golangci-lint-action from 2 to 3.1.0.

    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v3.1.0

    What's Changed

    New features

    CI

    Dependabot

    Misc

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v3...v3.1.0

    v3.0.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

    Bump version v2.5.2

    Bug fixes

    • 5c56cd6 Extract and don't mangle User Args. (#200)

    Dependencies

    • e3c53fe bump @​typescript-eslint/eslint-plugin (#194)
    • 3b9f80e bump @​typescript-eslint/parser from 4.18.0 to 4.19.0 (#195)
    • 9845713 bump @​types/node from 14.14.35 to 14.14.37 (#197)
    • e789ee1 bump eslint from 7.22.0 to 7.23.0 (#196)
    • f2e9a96 bump @​typescript-eslint/eslint-plugin (#188)
    • 818081a bump @​types/node from 14.14.34 to 14.14.35 (#189)
    • 6671836 bump @​typescript-eslint/parser from 4.17.0 to 4.18.0 (#190)

    ... (truncated)

    Commits
    • b517f99 fix version in package-lock.json (#407)
    • 9636c5b Update version to 3.1.0 in package.json (#406)
    • 03e4bef ci(dep): Add step to commit changes if PR has dependencies label (#108)
    • cdfc708 Allow to disable caching completely (#351)
    • 7d5614c build(deps-dev): bump eslint from 8.9.0 to 8.10.0 (#405)
    • c675eb7 Update all direct dependencies (#404)
    • 423fbaf Remove Setup-Go (#403)
    • bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)
    • d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)
    • e4b538e build(deps-dev): bump @​types/node from 16.11.10 to 17.0.19 (#400)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/containerd/containerd from 1.5.5 to 1.5.7

    Bump github.com/containerd/containerd from 1.5.5 to 1.5.7

    Bumps github.com/containerd/containerd from 1.5.5 to 1.5.7.

    Release notes

    Sourced from github.com/containerd/containerd's releases.

    containerd 1.5.7

    Welcome to the v1.5.7 release of containerd!

    The seventh patch release for containerd 1.5 is a security release to fix CVE-2021-41103.

    Notable Updates

    • Fix insufficiently restricted permissions on container root and plugin directories GHSA-c2h3-6mxw-7mvq

    See the changelog for complete list of changes

    Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

    Contributors

    • Derek McGowan
    • Samuel Karp

    Changes

    • 8686ededf Merge pull request from GHSA-c2h3-6mxw-7mvq
    • bc2f973ff Prepare release notes for v1.5.7
    • f95fca079 btrfs: reduce permissions on plugin directories
    • 68119b417 v1 runtime: reduce permissions for bundle dir
    • 97db45e83 v2 runtime: reduce permissions for bundle dir

    Dependency Changes

    This release has no dependency changes

    Previous release can be found at v1.5.6

    containerd 1.5.6

    Welcome to the v1.5.6 release of containerd!

    The sixth patch release for containerd 1.5 contains minor fixes and updates including an updated runc and hcsshim.

    Notable Updates

    • Install apparmor parser for arm64 and update seccomp to 2.5.1 #5763
    • Update runc binary to 1.0.2 #5899
    • Update hcsshim to v0.8.21 to fix layer issue on Windows Server 2019 #5942
    • Add support for 'clone3' syscall to fix issue with certain images when seccomp is enabled #5982
    • Add image config labels in CRI container creation #6012
    • Fix panic in metadata content writer on copy error #6043

    ... (truncated)

    Commits
    • 8686ede Merge pull request from GHSA-c2h3-6mxw-7mvq
    • bc2f973 Prepare release notes for v1.5.7
    • f95fca0 btrfs: reduce permissions on plugin directories
    • 68119b4 v1 runtime: reduce permissions for bundle dir
    • 97db45e v2 runtime: reduce permissions for bundle dir
    • 1a1b383 Merge pull request #6068 from dmcgowan/prepare-1.5.6
    • bc8fdf8 Update release notes and mailmap
    • 77dafa2 Prepare release notes for v1.5.6
    • 0631957 Merge pull request #6045 from dmcgowan/1.5-fix-metadata-content-panic
    • a4b51d1 Fix panic in metadata content writer on copy error
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
  • Bump github.com/containerd/containerd from 1.5.5 to 1.5.6

    Bump github.com/containerd/containerd from 1.5.5 to 1.5.6

    Bumps github.com/containerd/containerd from 1.5.5 to 1.5.6.

    Release notes

    Sourced from github.com/containerd/containerd's releases.

    containerd 1.5.6

    Welcome to the v1.5.6 release of containerd!

    The sixth patch release for containerd 1.5 contains minor fixes and updates including an updated runc and hcsshim.

    Notable Updates

    • Install apparmor parser for arm64 and update seccomp to 2.5.1 #5763
    • Update runc binary to 1.0.2 #5899
    • Update hcsshim to v0.8.21 to fix layer issue on Windows Server 2019 #5942
    • Add support for 'clone3' syscall to fix issue with certain images when seccomp is enabled #5982
    • Add image config labels in CRI container creation #6012
    • Fix panic in metadata content writer on copy error #6043

    See the changelog for complete list of changes

    Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

    Contributors

    • Derek McGowan
    • Akihiro Suda
    • Wei Fu
    • Phil Estes
    • Alexandre Peixoto Ferreira
    • Daniel Canter
    • Sebastiaan van Stijn
    • Davanum Srinivas
    • Gunju Kim
    • Jayme Howard
    • Kohei Tokunaga
    • Mike Brown
    • wanglei
    • zhanglei

    Changes

    • 1a1b383ad Merge pull request #6068 from dmcgowan/prepare-1.5.6
    • bc8fdf832 Update release notes and mailmap
    • 77dafa20c Prepare release notes for v1.5.6
    • 063195739 Merge pull request #6045 from dmcgowan/1.5-fix-metadata-content-panic
    • a4b51d119 Fix panic in metadata content writer on copy error
    • 4de759ab5 Merge pull request #6041 from dmcgowan/backport-1.5-use-ghcr-test-images
    • 147705920 Use github images for integration tests
    • 3f4f6bca9 Merge pull request #5981 from scuzhanglei/release-1.5-privileged-device
    • 980646e3c Merge pull request #6024 from estesp/cp-6012

    ... (truncated)

    Commits
    • 1a1b383 Merge pull request #6068 from dmcgowan/prepare-1.5.6
    • bc8fdf8 Update release notes and mailmap
    • 77dafa2 Prepare release notes for v1.5.6
    • 0631957 Merge pull request #6045 from dmcgowan/1.5-fix-metadata-content-panic
    • a4b51d1 Fix panic in metadata content writer on copy error
    • 4de759a Merge pull request #6041 from dmcgowan/backport-1.5-use-ghcr-test-images
    • 1477059 Use github images for integration tests
    • 3f4f6bc Merge pull request #5981 from scuzhanglei/release-1.5-privileged-device
    • 980646e Merge pull request #6024 from estesp/cp-6012
    • 514137a cri: add devices for privileged container
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/containerd/continuity from 0.1.0 to 0.2.0

    Bump github.com/containerd/continuity from 0.1.0 to 0.2.0

    Bumps github.com/containerd/continuity from 0.1.0 to 0.2.0.

    Commits
    • 7e9eee8 Merge pull request #185 from AkihiroSuda/remove-pkg-errors
    • 849cf06 run gofmt with Go 1.17
    • 7b4650c remove direct dependency on github.com/pkg/errors
    • 2e0898a Merge pull request #186 from ukontainer/fix-darwin-utimes
    • 16556d0 update AUTHORS
    • b80f086 darwin: use utimensat syscall instead of utimes
    • c666a35 fix darwin usage of du command
    • 8bdabd6 Merge pull request #161 from thaJeztah/update_fuse_2
    • 10c7322 Merge pull request #184 from thaJeztah/update_stat
    • fa7d162 reformat nolint comments
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0

    Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0

    Bumps github.com/sirupsen/logrus from 1.8.1 to 1.9.0.

    Commits
    • f8bf765 Merge pull request #1343 from sirupsen/dbd-upd-dep
    • ebc9029 update dependencies
    • 56c843c Merge pull request #1337 from izhakmo/fix-cve
    • 41b4ee6 update gopkg.in/yaml.v3 to v3.0.1
    • f98ed3e Merge pull request #1333 from nathanejohnson/bumpxsys
    • 2b8f60a bump version of golangci-lint
    • 0db10ef bump version of golang.org/x/sys dependency
    • 85981c0 Merge pull request #1263 from rubensayshi/fix-race
    • 79c5ab6 Merge pull request #1283 from sirupsen/dbd-log-doc
    • 5f8c666 Improve Log methods documentation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/containerd/continuity from 0.2.2 to 0.3.0

    Bump github.com/containerd/continuity from 0.2.2 to 0.3.0

    Bumps github.com/containerd/continuity from 0.2.2 to 0.3.0.

    Release notes

    Sourced from github.com/containerd/continuity's releases.

    v0.3.0

    What's Changed

    Full Changelog: https://github.com/containerd/continuity/compare/v0.2.2...v0.3.0

    Commits
    • 5ad51c7 Merge pull request #204 from AkihiroSuda/fix-issue-203
    • 74a0169 go.mod: update dependencies (take 2)
    • 4823db4 Merge pull request #205 from AkihiroSuda/revert-e3648687add4203d03811191b4e56...
    • 4ef02a2 Revert "go.mod: update dependencies"
    • e364868 go.mod: update dependencies
    • 5df4731 cmd/continuity: remove FUSE for macOS
    • 164806d Merge pull request #202 from thaJeztah/various_fixups
    • 7fa1569 README: update badges and links
    • 7917549 golangci-lint: replace "golint" with "revive"
    • de7fd6b sysx: remove unused sysx/generate.sh script
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump actions/setup-go from 2 to 3

    Bump actions/setup-go from 2 to 3

    Bumps actions/setup-go from 2 to 3.

    Release notes

    Sourced from actions/setup-go's releases.

    v3.0.0

    What's Changed

    Breaking Changes

    With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

    This new major release removes the stable input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).

    steps:
  - uses: actions/checkout@v2
  - uses: actions/setup-go@v3
    with:
      go-version: '1.18.0-rc.1' 
  - run: go version

    Add check-latest input

    In scope of this release we add the check-latest input. If check-latest is set to true, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from go-versions repository. By default check-latest is set to false. Example of usage:

    steps:
  - uses: actions/checkout@v2
  - uses: actions/setup-go@v2
    with:
      go-version: '1.16'
      check-latest: true
  - run: go version

    Moreover, we updated @actions/core from 1.2.6 to 1.6.0

    v2.1.5

    In scope of this release we updated matchers.json to improve the problem matcher pattern. For more information please refer to this pull request

    v2.1.4

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4

    v2.1.3

    • Updated communication with runner to use environment files rather then workflow commands

    v2.1.2

    This release includes vendored licenses for this action's npm dependencies.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump golangci/golangci-lint-action from 2 to 3

    Bump golangci/golangci-lint-action from 2 to 3

    Bumps golangci/golangci-lint-action from 2 to 3.

    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v3.0.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

    Bump version v2.5.2

    Bug fixes

    • 5c56cd6 Extract and don't mangle User Args. (#200)

    Dependencies

    • e3c53fe bump @​typescript-eslint/eslint-plugin (#194)
    • 3b9f80e bump @​typescript-eslint/parser from 4.18.0 to 4.19.0 (#195)
    • 9845713 bump @​types/node from 14.14.35 to 14.14.37 (#197)
    • e789ee1 bump eslint from 7.22.0 to 7.23.0 (#196)
    • f2e9a96 bump @​typescript-eslint/eslint-plugin (#188)
    • 818081a bump @​types/node from 14.14.34 to 14.14.35 (#189)
    • 6671836 bump @​typescript-eslint/parser from 4.17.0 to 4.18.0 (#190)
    • 526907e bump @​typescript-eslint/parser from 4.16.1 to 4.17.0 (#185)
    • 6b6ba16 bump @​typescript-eslint/eslint-plugin (#186)
    • 9cab4ef bump eslint from 7.21.0 to 7.22.0 (#187)
    • 0c76572 bump @​types/node from 14.14.32 to 14.14.34 (#184)
    • 0dfde21 bump @​typescript-eslint/parser from 4.15.2 to 4.16.1 (#182)
    • 9dcf389 bump typescript from 4.2.2 to 4.2.3 (#181)
    • 34d3904 bump @​types/node from 14.14.31 to 14.14.32 (#180)
    • e30b22f bump @​typescript-eslint/eslint-plugin (#179)
    • 8f30d25 bump eslint from 7.20.0 to 7.21.0 (#177)
    • 0b64a40 bump @​typescript-eslint/parser from 4.15.1 to 4.15.2 (#176)
    • 973b3a3 bump eslint-config-prettier from 8.0.0 to 8.1.0 (#178)
    • 6ea3de1 bump @​typescript-eslint/eslint-plugin (#175)
    • 6eec6af bump typescript from 4.1.5 to 4.2.2 (#174)

    v2.5.1

    Bug fixes:

    • d9f0e73 Check that go.mod exists in reading the version (#173)

    v2.5.0

    New Features:

    • 51485a4 Try to get version from go.mod file (#118)

    ... (truncated)

    Commits
    • b517f99 fix version in package-lock.json (#407)
    • 9636c5b Update version to 3.1.0 in package.json (#406)
    • 03e4bef ci(dep): Add step to commit changes if PR has dependencies label (#108)
    • cdfc708 Allow to disable caching completely (#351)
    • 7d5614c build(deps-dev): bump eslint from 8.9.0 to 8.10.0 (#405)
    • c675eb7 Update all direct dependencies (#404)
    • 423fbaf Remove Setup-Go (#403)
    • bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)
    • d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)
    • e4b538e build(deps-dev): bump @​types/node from 16.11.10 to 17.0.19 (#400)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump actions/checkout from 2 to 3

    Bump actions/checkout from 2 to 3

    Bumps actions/checkout from 2 to 3.

    Release notes

    Sourced from actions/checkout's releases.

    v3.0.0

    • Update default runtime to node16

    v2.4.0

    • Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

    v2.3.5

    Update dependencies

    v2.3.4

    v2.3.3

    v2.3.2

    Add Third Party License Information to Dist Files

    v2.3.1

    Fix default branch resolution for .wiki and when using SSH

    v2.3.0

    Fallback to the default branch

    v2.2.0

    Fetch all history for all tags and branches when fetch-depth=0

    v2.1.1

    Changes to support GHES (here and here)

    v2.1.0

    Changelog

    Sourced from actions/checkout's changelog.

    Changelog

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/containerd/continuity from 0.2.1 to 0.2.2

    Bump github.com/containerd/continuity from 0.2.1 to 0.2.2

    Bumps github.com/containerd/continuity from 0.2.1 to 0.2.2.

    Release notes

    Sourced from github.com/containerd/continuity's releases.

    v0.2.2

    What's Changed

    New Contributors

    Full Changelog: https://github.com/containerd/continuity/compare/v0.2.1...v0.2.2

    Commits
    • 092b2c8 Merge pull request #193 from tklauser/timespec-unix
    • 030679c fs: use syscall.Timespec.Unix
    • 44b5ced Merge pull request #192 from estesp/update-go-vers
    • 0ba592c Update CI Go version to 1.17
    • e56e17d Merge pull request #190 from kzys/netbsd
    • 29fc4ec Merge pull request #191 from kzys/log-error
    • 759cf0c Do not log errors before returning them
    • e096714 Build containerd/continuity on multiple Unix OSes
    • 8e53e7c Merge pull request #188 from gabriel-samfira/copy-windows-acl
    • 2cd7d24 Copy Windows file metadata
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/opencontainers/image-spec from 1.0.1 to 1.0.2

    Bump github.com/opencontainers/image-spec from 1.0.1 to 1.0.2

    Bumps github.com/opencontainers/image-spec from 1.0.1 to 1.0.2.

    Release notes

    Sourced from github.com/opencontainers/image-spec's releases.

    v1.0.2

    This release was voted on by the maintainers and PASSED (+5 -0 #2), to mitigate the CVE-2021-41190 advisory.

    This release is rebased directly on the prior tagged release (not including the commits that have occurred on main). Corresponding commits have been added to main, such that main is ready for a future next release.

    R

    Commits
    • 67d2d56 version: release 1.0.2
    • dcdcb7f specs-go: adding mediaType to the index and manifest structures
    • 5f31485 *.md: bring mediaType out of reserved status
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
Related tags
Images tools image-rootfs-scanner
A cross-platform tool to convert images into ascii art and print them on the console
 A cross-platform tool to convert images into ascii art and print them on the console

A cross-platform tool to convert images into ascii art and print them on the console

Dec 30, 2022
a tool to output images as RGB ANSI graphics on the terminal
 a tool to output images as RGB ANSI graphics on the terminal

imgcat Tool to output images in the terminal. Built with bubbletea install homebrew brew install trashhalo/homebrew-brews/imgcat prebuilt packages Pr

Dec 28, 2022
Read and write Netpbm images from Go programs

netpbm Introduction netpbm is a package for the Go programming language that implements image decoders and encoders for the Netpbm image formats. The

Dec 29, 2022
Pure Golang Library that allows simple LSB steganography on images
 Pure Golang Library that allows simple LSB steganography on images

Steganography Lib Steganography is a library written in Pure go to allow simple LSB steganography on images. It is capable of both encoding and decodi

Dec 22, 2022
Resize images and animated GIFs in Go

Lilliput relies on mature, high-performance C libraries to do most of the work of decompressing, resizing and compressing images. It aims to do as little memory allocation as possible and especially not to create garbage in Go. As a result, it is suitable for very high throughput image resizing services.

Jan 3, 2023
Reproducing images with geometric primitives.
 Reproducing images with geometric primitives.

Primitive Pictures Reproducing images with geometric primitives. How it Works A target image is provided as input. The algorithm tries to find the sin

Dec 31, 2022
Fast and secure standalone server for resizing and converting remote images

imgproxy imgproxy is a fast and secure standalone server for resizing and converting remote images. The main principles of imgproxy are simplicity, sp

Jan 1, 2023
An iterative algorithm to generate high quality triangulated images.
 An iterative algorithm to generate high quality triangulated images.

Triangula uses a modified genetic algorithm to triangulate images. It works best with images smaller than 3000px and with fewer than 3000 points, typically producing an optimal result within a couple of minutes.

Jan 8, 2023
A go library for reading and creating ISO9660 images

iso9660 A package for reading and creating ISO9660, forked from https://github.com/kdomanski/iso9660. Requires Go 1.13 or newer. Joliet and Rock Ridge

Mar 4, 2021
Generate high-quality triangulated art from images.
 Generate high-quality triangulated art from images.

An iterative algorithm to generate high quality triangulated images.

May 26, 2021
Convert images to computer generated art using delaunay triangulation.
 Convert images to computer generated art using delaunay triangulation.

▲ Triangle is a tool for generating triangulated image using delaunay triangulation. It takes a source image and converts it to an abstract image comp

Dec 29, 2022
Emoji images for Ebiten
 Emoji images for Ebiten

Ebiten Emoji Alpha version: The API is not stable yet Package emoji provides Emoji images for Ebiten. Usage func (*YourGame) Draw(screen *ebiten.Image

Dec 11, 2022
An experiment in rendering images with Slack custom emojis.
 An experiment in rendering images with Slack custom emojis.

emojimage An experiment in rendering images with Slack custom emojis. Example Usage 1. Initializing your workspace First, you'll need to upload 1,332

Mar 12, 2022
Image compression codec for 16 bit medical images

MIC - Medical Image Codec This library introduces a lossless medical image compression codec MIC for 16 bit images which provides compression ratio si

Dec 26, 2021
Small project to convert images to grayscale

This is a small http server that will read images from a provided path, convert the image to gray, and then serve back the converted image Usage You c

Nov 5, 2021
Cryptseaside generates seaside images using Unix nanoseconds as the seed value.
 Cryptseaside generates seaside images using Unix nanoseconds as the seed value.

Cryptseaside Welcome to the Cryptseaside project. Cryptseaside generates seaside images using Unix nanoseconds as the seed value.

Nov 12, 2021
Repaint images by sorting pixels by colour
 Repaint images by sorting pixels by colour

Every Frame A Painting Sorts pixels in an image by colour and redraws the image

Jan 5, 2022
Provides a method to create thumbnails from provided images.

Thumbnail Generation Package for Go This package provides method to create thumbnails from provided images. Installation Use to go command: $ go get g

Aug 31, 2022
This command line converts .html file into .html with images embed.

embed-html This command line converts .html file into .html with images embed. Install > go get github.com/gonejack/embed-html Usage > embed-html *.ht

Oct 6, 2022