Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-06-26 15:10:43 -04:00
Code Issues Projects Releases Packages Wiki Activity

Improve styling, add explanation for screencasts, update verify cli script.

Browse source 
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
This commit is contained in:
Fabian Kammel 2023-02-13 16:20:58 +00:00 committed by Moritz Eckert
parent ef815f8947
commit 9e1c91f04b
7 changed files with 1270 additions and 1556 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/docs/workflows/sbom.md
View file

@ -1,6 +1,6 @@
# Consume software bill of materials (SBOMs)
<asciinemaWidget src="/constellation/assets/check-sbom.cast" fontSize={16} rows={18} cols={80} idleTimeLimit={3} preload={true} theme={'edgeless'} />
<asciinemaWidget src="/constellation/assets/check-sbom.cast" rows={18} cols={88} idleTimeLimit={3} preload={true} theme={'edgeless'} />
Constellation builds produce a [software bill of materials (SBOM)](https://www.ntia.gov/SBOM) for each generated [artifact](../architecture/microservices.md).
You can use SBOMs to make informed decisions about dependencies and vulnerabilities in a given application. Enterprises rely on SBOMs to maintain an inventory of used applications, which allows them to take data-driven approaches to managing risks related to vulnerabilities.

8
docs/docs/workflows/verify-cli.md
View file

@ -1,6 +1,12 @@
# Verify the CLI
<asciinemaWidget src="/constellation/assets/verify-cli.cast" fontSize={16} rows={18} cols={80} idleTimeLimit={3} preload={true} theme={'edgeless'} />
:::info
This recording presents the essence of this page. It is recommended to read it in full for the motivation and all details.
:::
<asciinemaWidget src="/constellation/assets/verify-cli.cast" rows={20} cols={112} idleTimeLimit={3} preload={true} theme={'edgeless'} />
---
Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/overview), [Rekor](https://docs.sigstore.dev/rekor/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at https://rekor.sigstore.dev/.

4
docs/screencasts/README.md
View file

@ -34,12 +34,14 @@ There are three different locations were styling is applied:
1. **The prompt** is styled using [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code).
More explanation and the actual color codes can be found in [Dockerfile](docker/Dockerfile).
2. **Font size and player dimensions** are passed to the [`AsciinemaWidget`](../src/components/AsciinemaWidget/index.js)
2. **Player dimensions** are passed to the [`AsciinemaWidget`](../src/components/AsciinemaWidget/index.js)
when it is [embedded in the docs](../docs/workflows/verify-cli.md#5). Check the `asciinema-player` for a
[full list of options](https://github.com/asciinema/asciinema-player#options).
3. **Everything else** is [styled via CSS](../src/css/custom.css). This includes the option to build a custom
[player theme](https://github.com/asciinema/asciinema-player/wiki/Custom-terminal-themes).
###
## GitHub README.md
The GitHub `README.md` does not support embedding the `asciinema-player`, therefore we generate an

33
docs/screencasts/docker/verify-cli.expect
View file

@ -22,41 +22,26 @@ spawn asciinema rec --overwrite /recordings/verify-cli.cast
send "\r"
expect_prompt
### Step 0: Requirements
run_command "echo Step 0: Installing requirements"
run_command "# Step 0: Installing SLSA verifier"
expect_prompt
run_command "go install github.com/sigstore/cosign/cmd/cosign@latest"
run_command "curl -sLO https://github.com/slsa-framework/slsa-verifier/releases/latest/download/slsa-verifier-linux-amd64"
expect_prompt
run_command "go install github.com/sigstore/rekor/cmd/rekor-cli@latest"
run_command "sudo install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier"
expect_prompt
### Step 1: Download CLI
run_command "echo Step 1: Download CLI and signature"
run_command "# Step 1: Download Constellation and provenance file"
expect_prompt
run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/download/v2.2.2/constellation-linux-amd64"
run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64"
expect_prompt
run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/download/v2.2.2/constellation-linux-amd64.sig"
run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.intoto.jsonl"
expect_prompt
### Step 2: Verify the CLI using cosign
run_command "echo Step 2: Verify the CLI using cosign and the public Rekor transparency log"
run_command "# Step 2: Verify provenance"
expect_prompt
# run_command "COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64"
run_command "COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://github.com/edgelesssys/constellation/releases/download/v2.2.2/cosign.pub --signature constellation-linux-amd64.sig constellation-linux-amd64"
run_command "slsa-verifier verify-artifact constellation-linux-amd64 --provenance-path constellation.intoto.jsonl --source-uri github.com/edgelesssys/constellation"
expect_prompt
### Step 2b: Verify the CLI manually
run_command "echo Optional Step 2b: Manually inspect the Rekor transparency log"
expect_prompt
run_command "rekor-cli search --artifact constellation-linux-amd64"
expect -re "\n(\[a-f0-9]+)\r"
set uuid '$expect_out(1,string)'
expect_prompt
run_command "rekor-cli get --uuid=$uuid"
expect_prompt
### Step 3: Install the CLI
run_command "echo Step 4: Install the CLI"
run_command "# Step 3: Install the CLI"
expect_prompt
run_command "sudo install constellation-linux-amd64 /usr/local/bin/constellation"
expect_prompt

2
docs/src/css/custom.css
View file

@ -79,9 +79,11 @@ html[data-theme='dark'] .header-github-link:before {
background-color: #000000; /* terminal background color */
border-color: #000000;
}
.asciinema-theme-edgeless .fg-bg { /* inverse for default text color */
color: #000000;
}
.asciinema-theme-edgeless .bg-fg { /* inverse for terminal background color */
background-color: #ffffff; /* controls color of the cursor */
}

903
docs/static/assets/check-sbom.cast vendored
View file

@ -1,452 +1,451 @@
{"version": 2, "width": 0, "height": 0, "timestamp": 1676291666, "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}}
[0.011897, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[0.014383, "o", "e"]
[0.183925, "o", "c"]
[0.235192, "o", "h"]
[0.286405, "o", "o"]
[0.336836, "o", " "]
[0.388425, "o", "S"]
[0.439003, "o", "t"]
[0.574744, "o", "e"]
[0.625525, "o", "p"]
[0.678715, "o", " "]
[0.731932, "o", "0"]
[0.784297, "o", ":"]
[0.833906, "o", " "]
[0.934904, "o", "I"]
[0.987016, "o", "n"]
[1.037048, "o", "s"]
[1.208168, "o", "t"]
[1.283828, "o", "a"]
[1.392295, "o", "l"]
[1.444548, "o", "l"]
[1.571991, "o", "i"]
[1.626058, "o", "n"]
[1.688171, "o", "g"]
[1.74091, "o", " "]
[1.796988, "o", "r"]
[1.848482, "o", "e"]
[1.901347, "o", "q"]
[1.952024, "o", "u"]
[2.004068, "o", "i"]
[2.05595, "o", "r"]
[2.181747, "o", "e"]
[2.252183, "o", "m"]
[2.304924, "o", "e"]
[2.355784, "o", "n"]
[2.410123, "o", "t"]
[2.461671, "o", "s"]
[2.462002, "o", "\r\nStep 0: Installing requirements"]
[2.462093, "o", "\r\n"]
[2.462619, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[3.477607, "o", "c"]
[3.613489, "o", "u"]
[3.671231, "o", "r"]
[3.740403, "o", "l"]
[3.791852, "o", " "]
[3.868828, "o", "-"]
[3.919971, "o", "s"]
[4.008472, "o", "L"]
[4.068256, "o", "O"]
[4.12042, "o", " "]
[4.181088, "o", "h"]
[4.232129, "o", "t"]
[4.340853, "o", "t"]
[4.390855, "o", "p"]
[4.444315, "o", "s"]
[4.496574, "o", ":"]
[4.605125, "o", "/"]
[4.657512, "o", "/"]
[4.734159, "o", "g"]
[4.853397, "o", "i"]
[4.940243, "o", "t"]
[5.120772, "o", "h"]
[5.173066, "o", "u"]
[5.300064, "o", "b"]
[5.349569, "o", "."]
[5.473209, "o", "c"]
[5.525214, "o", "o"]
[5.768289, "o", "m"]
[5.819067, "o", "/"]
[5.89426, "o", "a"]
[5.969676, "o", "n"]
[6.021912, "o", "c"]
[6.101388, "o", "h"]
[6.154723, "o", "o"]
[6.240577, "o", "r"]
[6.292184, "o", "e"]
[6.343687, "o", "/"]
[6.396262, "o", "g"]
[6.449069, "o", "r"]
[6.498861, "o", "y"]
[6.550537, "o", "p"]
[6.607724, "o", "e"]
[6.659161, "o", "/"]
[6.709918, "o", "r"]
[6.871782, "o", "e"]
[6.924609, "o", "l"]
[7.186346, "o", "e"]
[7.275016, "o", "a"]
[7.32712, "o", "s"]
[7.38517, "o", "e"]
[7.436902, "o", "s"]
[7.489161, "o", "/"]
[7.54159, "o", "d"]
[7.593124, "o", "o"]
[7.648453, "o", "w"]
[7.775726, "o", "n"]
[7.836596, "o", "l"]
[7.908883, "o", "o"]
[7.964829, "o", "a"]
[8.039651, "o", "d"]
[8.102347, "o", "/"]
[8.154326, "o", "v"]
[8.204855, "o", "0"]
[8.266431, "o", "."]
[8.332329, "o", "5"]
[8.416564, "o", "6"]
[8.477899, "o", "."]
[8.531601, "o", "0"]
[8.5821, "o", "/"]
[8.633131, "o", "g"]
[8.686476, "o", "r"]
[8.737472, "o", "y"]
[8.797286, "o", "p"]
[8.872942, "o", "e"]
[8.936524, "o", "_"]
[9.028732, "o", "0"]
[9.085572, "o", "."]
[9.250032, "o", "5"]
[9.301275, "o", "6"]
[9.351658, "o", "."]
[9.4086, "o", "0"]
[9.470328, "o", "_"]
[9.528799, "o", "l"]
[9.610797, "o", "i"]
[9.671146, "o", "n"]
[9.724607, "o", "u"]
[9.77483, "o", "x"]
[9.827451, "o", "_"]
[9.890334, "o", "a"]
[9.953436, "o", "m"]
[10.005388, "o", "d"]
[10.069114, "o", "6"]
[10.119931, "o", "4"]
[10.179505, "o", "."]
[10.241676, "o", "t"]
[10.318257, "o", "a"]
[10.369171, "o", "r"]
[10.442333, "o", "."]
[10.502694, "o", "g"]
[10.600882, "o", "z\r\n"]
[11.455805, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[11.456677, "o", "t"]
[11.542408, "o", "a"]
[11.596375, "o", "r"]
[11.647445, "o", " "]
[11.699639, "o", "-"]
[11.790191, "o", "x"]
[11.887189, "o", "v"]
[11.938743, "o", "z"]
[11.990844, "o", "f"]
[12.042817, "o", " "]
[12.147747, "o", "g"]
[12.303076, "o", "r"]
[12.353853, "o", "y"]
[12.412113, "o", "p"]
[12.462662, "o", "e"]
[12.519776, "o", "_"]
[12.573284, "o", "0"]
[12.636684, "o", "."]
[12.685822, "o", "5"]
[12.773849, "o", "6"]
[12.82401, "o", "."]
[12.881088, "o", "0"]
[12.938298, "o", "_"]
[13.134159, "o", "l"]
[13.314894, "o", "i"]
[13.388613, "o", "n"]
[13.441799, "o", "u"]
[13.524175, "o", "x"]
[13.600203, "o", "_"]
[13.657476, "o", "a"]
[13.717273, "o", "m"]
[13.768428, "o", "d"]
[13.825338, "o", "6"]
[13.877039, "o", "4"]
[13.927743, "o", "."]
[13.978445, "o", "t"]
[14.036897, "o", "a"]
[14.085439, "o", "r"]
[14.141303, "o", "."]
[14.192606, "o", "g"]
[14.243185, "o", "z\r\n"]
[14.248022, "o", "CHANGELOG.md\r\n"]
[14.248291, "o", "LICENSE\r\nREADME.md\r\n"]
[14.248471, "o", "grype\r\n"]
[14.993505, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[14.995006, "o", "s"]
[15.048272, "o", "u"]
[15.09847, "o", "d"]
[15.186965, "o", "o"]
[15.237726, "o", " "]
[15.30458, "o", "i"]
[15.35504, "o", "n"]
[15.406351, "o", "s"]
[15.456342, "o", "t"]
[15.616681, "o", "a"]
[15.697654, "o", "l"]
[15.761638, "o", "l"]
[15.820284, "o", " "]
[15.869895, "o", "g"]
[15.929015, "o", "r"]
[15.994097, "o", "y"]
[16.046619, "o", "p"]
[16.1083, "o", "e"]
[16.158813, "o", " "]
[16.243789, "o", "/"]
[16.359929, "o", "u"]
[16.516164, "o", "s"]
[16.838678, "o", "r"]
[16.890234, "o", "/"]
[16.941402, "o", "l"]
[17.000254, "o", "o"]
[17.06324, "o", "c"]
[17.12137, "o", "a"]
[17.178075, "o", "l"]
[17.228719, "o", "/"]
[17.280593, "o", "b"]
[17.331953, "o", "i"]
[17.38465, "o", "n"]
[17.436294, "o", "/"]
[17.521229, "o", "g"]
[17.602932, "o", "r"]
[17.70823, "o", "y"]
[17.855531, "o", "p"]
[17.918911, "o", "e"]
[17.919103, "o", "\r\n"]
[17.987916, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[18.99235, "o", "g"]
[19.05333, "o", "r"]
[19.106234, "o", "y"]
[19.176377, "o", "p"]
[19.234391, "o", "e"]
[19.290032, "o", " "]
[19.340258, "o", "-"]
[19.392899, "o", "-"]
[19.44328, "o", "h"]
[19.49458, "o", "e"]
[19.545278, "o", "l"]
[19.609385, "o", "p\r\n"]
[19.676316, "o", "A vulnerability scanner for container images, filesystems, and SBOMs.\r\n\r\nSupports the following image sources:\r\n grype yourrepo/yourimage:tag defaults to using images from a Docker daemon\r\n grype path/to/yourproject a Docker tar, OCI tar, OCI directory, SIF container, or generic filesystem directory\r\n grype attestation.json --key cosign.pub extract and scan SBOM from attestation file\r\n\r\nYou can also explicitly specify the scheme to use:\r\n grype podman:yourrepo/yourimage:tag explicitly use the Podman daemon\r\n grype docker:yourrepo/yourimage:tag explicitly use the Docker daemon\r\n grype docker-archive:path/to/yourimage.tar use a tarball from disk for archives created from \"docker save\"\r\n grype oci-archive:path/to/yourimage.tar use a tarball from disk for OCI archives (from Podman or otherwise)\r\n grype oci-dir:path/to/yourimage read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)\r\n grype"]
[19.676945, "o", " singularity:path/to/yourimage.sif read directly from a Singularity Image Format (SIF) container on disk\r\n grype dir:path/to/yourproject read directly from a path on disk (any directory)\r\n grype sbom:path/to/syft.json read Syft JSON from path on disk\r\n grype registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required)\r\n grype att:attestation.json --key cosign.pub explicitly use the input as an attestation\r\n grype purl:path/to/purl/file read a newline separated file of purls from a path on disk\r\n\r\nYou can also pipe in Syft JSON directly:\r\n\tsyft yourimage:tag -o json | grype\r\n\r\n"]
[19.677853, "o", "Usage:\r\n grype [IMAGE] [flags]\r\n grype [command]\r\n\r\nAvailable Commands:\r\n completion Generate a shell completion for Grype (listing local docker images)\r\n db vulnerability database operations\r\n help Help about any command\r\n version show the version\r\n\r\nFlags:\r\n --add-cpes-if-none generate CPEs for packages with no CPE data\r\n --by-cve orient results by CVE instead of the original vulnerability ID when possible\r\n -c, --config string application config file\r\n --distro string distro to match against in the format: <distro>:<version>\r\n --exclude stringArray exclude paths from being scanned using a glob expression\r\n -f, --fail-on string set the return code to 1 if a vulnerability is found with a severity >= the given severity, options=[negligible low medium high critical]\r\n --file string file to write the report output to (default is STDOUT)\r\n -h, --help help for grype\r\n --key string "]
[19.677927, "o", " File path to a public key to validate attestation\r\n --only-fixed ignore matches for vulnerabilities that are not fixed\r\n --only-notfixed ignore matches for vulnerabilities that are fixed\r\n -o, --output string report output formatter, formats=[json table cyclonedx cyclonedx-json sarif template], deprecated formats=[embedded-cyclonedx-vex-json embedded-cyclonedx-vex-xml]\r\n --platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')\r\n -q, --quiet suppress all logging output\r\n -s, --scope string selection of layers to analyze, options=[Squashed AllLayers] (default \"Squashed\")\r\n --show-suppressed show suppressed/ignored vulnerabilities in the output (only supported with table output format)\r\n -t, --template string specify the path to a Go template file (requires 'template' output to be selected)\r\n -v, --verbose count increase verbo"]
[19.67795, "o", "sity (-v = info, -vv = debug)\r\n\r\nUse \"grype [command] --help\" for more information about a command.\r\n"]
[19.682904, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[20.70357, "o", "e"]
[20.758551, "o", "c"]
[20.811453, "o", "h"]
[20.887754, "o", "o"]
[20.956192, "o", " "]
[21.031128, "o", "S"]
[21.096257, "o", "t"]
[21.160617, "o", "e"]
[21.228191, "o", "p"]
[21.280305, "o", " "]
[21.33238, "o", "1"]
[21.384667, "o", ":"]
[21.54297, "o", " "]
[21.619944, "o", "D"]
[21.671225, "o", "o"]
[21.720957, "o", "w"]
[21.775908, "o", "n"]
[21.827256, "o", "l"]
[21.877942, "o", "o"]
[21.927682, "o", "a"]
[22.101162, "o", "d"]
[22.158091, "o", " "]
[22.208551, "o", "C"]
[22.259457, "o", "o"]
[22.311443, "o", "n"]
[22.435545, "o", "s"]
[22.487741, "o", "t"]
[22.556628, "o", "e"]
[22.607976, "o", "l"]
[22.658175, "o", "l"]
[22.74406, "o", "a"]
[22.795219, "o", "t"]
[22.864304, "o", "i"]
[22.916622, "o", "o"]
[23.022559, "o", "n"]
[23.076188, "o", " "]
[23.186592, "o", "S"]
[23.250198, "o", "B"]
[23.306529, "o", "O"]
[23.369045, "o", "M\r\nStep 1: Download Constellation SBOM\r\n\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[24.373687, "o", "c"]
[24.446073, "o", "u"]
[24.497277, "o", "r"]
[24.707348, "o", "l"]
[24.757998, "o", " "]
[24.828066, "o", "-"]
[24.879659, "o", "s"]
[25.098761, "o", "L"]
[25.161515, "o", "O"]
[25.225804, "o", " "]
[25.284842, "o", "h"]
[25.356174, "o", "t"]
[25.408006, "o", "t"]
[25.460045, "o", "p"]
[25.512226, "o", "s"]
[25.578257, "o", ":"]
[25.633739, "o", "/"]
[25.691847, "o", "/"]
[25.743252, "o", "g"]
[25.793185, "o", "i"]
[25.843393, "o", "t"]
[25.905166, "o", "h"]
[25.964744, "o", "u"]
[26.016707, "o", "b"]
[26.069994, "o", "."]
[26.125608, "o", "c"]
[26.187154, "o", "o"]
[26.245359, "o", "m"]
[26.30912, "o", "/"]
[26.366615, "o", "e"]
[26.451009, "o", "d"]
[26.545752, "o", "g"]
[26.595166, "o", "e"]
[26.778987, "o", "l"]
[26.861065, "o", "e"]
[26.931861, "o", "s"]
[26.992818, "o", "s"]
[27.044972, "o", "s"]
[27.095678, "o", "y"]
[27.145715, "o", "s"]
[27.196316, "o", "/"]
[27.296296, "o", "c"]
[27.349035, "o", "o"]
[27.402413, "o", "n"]
[27.452431, "o", "s"]
[27.504972, "o", "t"]
[27.559214, "o", "e"]
[27.616715, "o", "l"]
[27.672995, "o", "l"]
[27.722913, "o", "a"]
[27.773226, "o", "t"]
[27.849422, "o", "i"]
[27.89984, "o", "o"]
[27.957986, "o", "n"]
[28.012605, "o", "/"]
[28.132442, "o", "r"]
[28.184684, "o", "e"]
[28.25522, "o", "l"]
[28.308602, "o", "e"]
[28.405802, "o", "a"]
[28.458431, "o", "s"]
[28.575899, "o", "e"]
[28.633047, "o", "s"]
[28.690274, "o", "/"]
[28.741186, "o", "l"]
[28.796213, "o", "a"]
[28.925642, "o", "t"]
[29.036621, "o", "e"]
[29.087323, "o", "s"]
[29.139228, "o", "t"]
[29.189182, "o", "/"]
[29.240019, "o", "d"]
[29.296047, "o", "o"]
[29.476018, "o", "w"]
[29.549442, "o", "n"]
[29.608211, "o", "l"]
[29.662641, "o", "o"]
[29.7783, "o", "a"]
[29.895466, "o", "d"]
[29.961263, "o", "/"]
[30.016024, "o", "c"]
[30.073023, "o", "o"]
[30.151992, "o", "n"]
[30.223916, "o", "s"]
[30.274343, "o", "t"]
[30.324637, "o", "e"]
[30.376581, "o", "l"]
[30.456306, "o", "l"]
[30.520502, "o", "a"]
[30.586707, "o", "t"]
[30.63869, "o", "i"]
[30.688766, "o", "o"]
[30.739814, "o", "n"]
[30.79956, "o", "."]
[30.865341, "o", "s"]
[30.949063, "o", "p"]
[31.00153, "o", "d"]
[31.060125, "o", "x"]
[31.116236, "o", "."]
[31.209146, "o", "s"]
[31.273212, "o", "b"]
[31.339384, "o", "o"]
[31.390592, "o", "m\r\n"]
[32.545621, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[32.546593, "o", "g"]
[32.596492, "o", "r"]
[32.690326, "o", "y"]
[32.741194, "o", "p"]
[32.799477, "o", "e"]
[32.850416, "o", " "]
[32.901905, "o", "c"]
[32.951728, "o", "o"]
[33.009401, "o", "n"]
[33.06509, "o", "s"]
[33.121664, "o", "t"]
[33.236646, "o", "e"]
[33.288676, "o", "l"]
[33.41236, "o", "l"]
[33.462906, "o", "a"]
[33.52436, "o", "t"]
[33.676579, "o", "i"]
[33.755849, "o", "o"]
[33.826945, "o", "n"]
[33.894175, "o", "."]
[33.946079, "o", "s"]
[34.001836, "o", "p"]
[34.055755, "o", "d"]
[34.12957, "o", "x"]
[34.181646, "o", "."]
[34.255176, "o", "s"]
[34.306991, "o", "b"]
[34.359157, "o", "o"]
[34.412666, "o", "m"]
[34.475964, "o", " "]
[34.529584, "o", "-"]
[34.612604, "o", "o"]
[34.662539, "o", " "]
[34.71406, "o", "t"]
[34.76518, "o", "a"]
[34.900494, "o", "b"]
[34.952784, "o", "l"]
[35.003607, "o", "e"]
[35.05571, "o", " "]
[35.299951, "o", "-"]
[35.354875, "o", "q\r\n"]
[54.63716, "o", "NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY \r\nhelm.sh/helm/v3 v3.10.3 3.11.1 "]
[54.637257, "o", "go-module GHSA-pwcw-6f5g-gxf8 Medium \r\n"]
[54.644528, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[54.645355, "o", "e"]
[54.697819, "o", "c"]
[54.783746, "o", "h"]
[54.834596, "o", "o"]
[54.886104, "o", " "]
[54.936417, "o", "W"]
[54.987603, "o", "e"]
[55.041166, "o", " "]
[55.170727, "o", "a"]
[55.221354, "o", "r"]
[55.276069, "o", "e"]
[55.327597, "o", " "]
[55.380275, "o", "s"]
[55.43465, "o", "a"]
[55.481665, "o", "f"]
[55.532149, "o", "e"]
[55.582808, "o", "!\r\nWe are safe!\r\n"]
[55.583046, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
{"version": 2, "width": 0, "height": 0, "timestamp": 1676304860, "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}}
[0.014258, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[0.016319, "o", "e"]
[0.147908, "o", "c"]
[0.198741, "o", "h"]
[0.248945, "o", "o"]
[0.305781, "o", " "]
[0.357991, "o", "S"]
[0.411869, "o", "t"]
[0.539606, "o", "e"]
[0.590536, "o", "p"]
[0.641964, "o", " "]
[0.692636, "o", "0"]
[0.745296, "o", ":"]
[0.8001, "o", " "]
[0.88274, "o", "I"]
[0.933879, "o", "n"]
[0.985336, "o", "s"]
[1.243977, "o", "t"]
[1.319683, "o", "a"]
[1.411702, "o", "l"]
[1.462589, "o", "l"]
[1.586948, "o", "i"]
[1.662353, "o", "n"]
[1.728674, "o", "g"]
[1.780971, "o", " "]
[1.8541, "o", "r"]
[1.904633, "o", "e"]
[1.956066, "o", "q"]
[2.019542, "o", "u"]
[2.070656, "o", "i"]
[2.121979, "o", "r"]
[2.225544, "o", "e"]
[2.278482, "o", "m"]
[2.332675, "o", "e"]
[2.382172, "o", "n"]
[2.432006, "o", "t"]
[2.49851, "o", "s\r\nStep 0: Installing requirements\r\n\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[3.537489, "o", "c"]
[3.70954, "o", "u"]
[3.7718, "o", "r"]
[3.838085, "o", "l"]
[3.893964, "o", " "]
[3.973647, "o", "-"]
[4.024795, "o", "s"]
[4.113442, "o", "L"]
[4.184237, "o", "O"]
[4.251556, "o", " "]
[4.310702, "o", "h"]
[4.370591, "o", "t"]
[4.477867, "o", "t"]
[4.534137, "o", "p"]
[4.58745, "o", "s"]
[4.638375, "o", ":"]
[4.740661, "o", "/"]
[4.794601, "o", "/"]
[4.850783, "o", "g"]
[4.969381, "o", "i"]
[5.052243, "o", "t"]
[5.248581, "o", "h"]
[5.29895, "o", "u"]
[5.419303, "o", "b"]
[5.472049, "o", "."]
[5.596778, "o", "c"]
[5.647747, "o", "o"]
[5.888603, "o", "m"]
[5.941399, "o", "/"]
[5.999733, "o", "a"]
[6.071951, "o", "n"]
[6.139544, "o", "c"]
[6.205957, "o", "h"]
[6.256124, "o", "o"]
[6.341927, "o", "r"]
[6.392395, "o", "e"]
[6.44267, "o", "/"]
[6.49352, "o", "g"]
[6.545396, "o", "r"]
[6.595562, "o", "y"]
[6.64871, "o", "p"]
[6.705208, "o", "e"]
[6.756864, "o", "/"]
[6.809799, "o", "r"]
[6.991888, "o", "e"]
[7.07069, "o", "l"]
[7.261961, "o", "e"]
[7.408747, "o", "a"]
[7.459333, "o", "s"]
[7.511697, "o", "e"]
[7.563398, "o", "s"]
[7.613716, "o", "/"]
[7.674591, "o", "d"]
[7.725666, "o", "o"]
[7.779589, "o", "w"]
[7.903899, "o", "n"]
[7.95494, "o", "l"]
[8.020008, "o", "o"]
[8.078168, "o", "a"]
[8.129569, "o", "d"]
[8.180866, "o", "/"]
[8.238662, "o", "v"]
[8.290588, "o", "0"]
[8.341802, "o", "."]
[8.397745, "o", "5"]
[8.47278, "o", "6"]
[8.544053, "o", "."]
[8.595203, "o", "0"]
[8.646864, "o", "/"]
[8.701133, "o", "g"]
[8.785058, "o", "r"]
[8.835913, "o", "y"]
[8.916697, "o", "p"]
[8.98708, "o", "e"]
[9.047218, "o", "_"]
[9.131032, "o", "0"]
[9.185766, "o", "."]
[9.347581, "o", "5"]
[9.407645, "o", "6"]
[9.459212, "o", "."]
[9.510563, "o", "0"]
[9.603953, "o", "_"]
[9.712623, "o", "l"]
[9.80573, "o", "i"]
[9.946999, "o", "n"]
[10.02987, "o", "u"]
[10.081054, "o", "x"]
[10.180732, "o", "_"]
[10.301933, "o", "a"]
[10.37461, "o", "m"]
[10.425752, "o", "d"]
[10.484847, "o", "6"]
[10.677988, "o", "4"]
[10.730128, "o", "."]
[10.780738, "o", "t"]
[10.87011, "o", "a"]
[10.983056, "o", "r"]
[11.037611, "o", "."]
[11.119115, "o", "g"]
[11.204079, "o", "z\r\n"]
[12.137103, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[12.138161, "o", "t"]
[12.246887, "o", "a"]
[12.29686, "o", "r"]
[12.416698, "o", " "]
[12.474427, "o", "-"]
[12.577777, "o", "x"]
[12.672139, "o", "v"]
[12.7513, "o", "z"]
[12.826173, "o", "f"]
[12.932739, "o", " "]
[13.037604, "o", "g"]
[13.195142, "o", "r"]
[13.250357, "o", "y"]
[13.300933, "o", "p"]
[13.352709, "o", "e"]
[13.405721, "o", "_"]
[13.472846, "o", "0"]
[13.523915, "o", "."]
[13.589917, "o", "5"]
[13.678719, "o", "6"]
[13.855924, "o", "."]
[13.914734, "o", "0"]
[13.982688, "o", "_"]
[14.31641, "o", "l"]
[14.621136, "o", "i"]
[14.673647, "o", "n"]
[14.792207, "o", "u"]
[14.875796, "o", "x"]
[14.929916, "o", "_"]
[15.019612, "o", "a"]
[15.070816, "o", "m"]
[15.122865, "o", "d"]
[15.173771, "o", "6"]
[15.275692, "o", "4"]
[15.35662, "o", "."]
[15.410645, "o", "t"]
[15.469835, "o", "a"]
[15.527375, "o", "r"]
[15.578194, "o", "."]
[15.65605, "o", "g"]
[15.706614, "o", "z\r\n"]
[15.71628, "o", "CHANGELOG.md\r\n"]
[15.716365, "o", "LICENSE\r\n"]
[15.716604, "o", "README.md\r\n"]
[15.717786, "o", "grype\r\n"]
[16.52642, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[16.527473, "o", "s"]
[16.582772, "o", "u"]
[16.63468, "o", "d"]
[16.713678, "o", "o"]
[16.77796, "o", " "]
[16.841252, "o", "i"]
[16.939435, "o", "n"]
[17.029069, "o", "s"]
[17.085852, "o", "t"]
[17.245972, "o", "a"]
[17.322229, "o", "l"]
[17.403441, "o", "l"]
[17.457074, "o", " "]
[17.507624, "o", "g"]
[17.573708, "o", "r"]
[17.625971, "o", "y"]
[17.693953, "o", "p"]
[17.745704, "o", "e"]
[17.826558, "o", " "]
[17.892829, "o", "/"]
[18.046714, "o", "u"]
[18.243745, "o", "s"]
[18.544221, "o", "r"]
[18.595177, "o", "/"]
[18.646147, "o", "l"]
[18.697705, "o", "o"]
[18.749538, "o", "c"]
[18.800961, "o", "a"]
[18.856469, "o", "l"]
[18.915846, "o", "/"]
[18.966621, "o", "b"]
[19.081934, "o", "i"]
[19.132062, "o", "n"]
[19.188683, "o", "/"]
[19.282981, "o", "g"]
[19.366901, "o", "r"]
[19.47298, "o", "y"]
[19.621002, "o", "p"]
[19.684927, "o", "e\r\n"]
[19.793857, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[20.796593, "o", "g"]
[20.862136, "o", "r"]
[20.916606, "o", "y"]
[20.981238, "o", "p"]
[21.032599, "o", "e"]
[21.186162, "o", " "]
[21.237293, "o", "-"]
[21.288299, "o", "-"]
[21.340453, "o", "h"]
[21.394639, "o", "e"]
[21.450604, "o", "l"]
[21.516778, "o", "p\r\n"]
[21.584571, "o", "A vulnerability scanner for container images, filesystems, and SBOMs.\r\n\r\nSupports the following image sources:\r\n grype yourrepo/yourimage:tag defaults to using images from a Docker daemon\r\n grype path/to/yourproject a Docker tar, OCI tar, OCI directory, SIF container, or generic filesystem directory\r\n grype attestation.json --key cosign.pub extract and scan SBOM from attestation file\r\n\r\nYou can also explicitly specify the scheme to use:\r\n grype podman:yourrepo/yourimage:tag explicitly use the Podman daemon\r\n grype docker:yourrepo/yourimage:tag explicitly use the Docker daemon\r\n grype docker-archive:path/to/yourimage.tar use a tarball from disk for archives created from \"docker save\"\r\n grype oci-archive:path/to/yourimage.tar use a tarball from disk for OCI archives (from Podman or otherwise)\r\n grype oci-dir:path/to/yourimage read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)\r\n grype"]
[21.584712, "o", " singularity:path/to/yourimage.sif read directly from a Singularity Image Format (SIF) container on disk\r\n grype dir:path/to/yourproject read directly from a path on disk (any directory)\r\n grype sbom:path/to/syft.json read Syft JSON from path on disk\r\n grype registry:yourrepo/yourimage:tag pull image directly from a registry (no container runtime required)\r\n grype att:attestation.json --key cosign.pub explicitly use the input as an attestation\r\n grype purl:path/to/purl/file read a newline separated file of purls from a path on disk\r\n\r\nYou can also pipe in Syft JSON directly:\r\n\tsyft yourimage:tag -o json | grype\r\n\r\n"]
[21.585386, "o", "Usage:\r\n grype [IMAGE] [flags]\r\n grype [command]\r\n\r\nAvailable Commands:\r\n completion Generate a shell completion for Grype (listing local docker images)\r\n db vulnerability database operations\r\n help Help about any command\r\n version show the version\r\n\r\nFlags:\r\n --add-cpes-if-none generate CPEs for packages with no CPE data\r\n --by-cve orient results by CVE instead of the original vulnerability ID when possible\r\n -c, --config string application config file\r\n --distro string distro to match against in the format: <distro>:<version>\r\n --exclude stringArray exclude paths from being scanned using a glob expression\r\n -f, --fail-on string set the return code to 1 if a vulnerability is found with a severity >= the given severity, options=[negligible low medium high critical]\r\n --file string file to write the report output to (default is STDOUT)\r\n -h, --help help for grype\r\n --key string "]
[21.585462, "o", " File path to a public key to validate attestation\r\n --only-fixed ignore matches for vulnerabilities that are not fixed\r\n --only-notfixed ignore matches for vulnerabilities that are fixed\r\n -o, --output string report output formatter, formats=[json table cyclonedx cyclonedx-json sarif template], deprecated formats=[embedded-cyclonedx-vex-json embedded-cyclonedx-vex-xml]\r\n --platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')\r\n -q, --quiet suppress all logging output\r\n -s, --scope string selection of layers to analyze, options=[Squashed AllLayers] (default \"Squashed\")\r\n --show-suppressed show suppressed/ignored vulnerabilities in the output (only supported with table output format)\r\n -t, --template string specify the path to a Go template file (requires 'template' output to be selected)\r\n -v, --verbose count increase verbo"]
[21.585479, "o", "sity (-v = info, -vv = debug)\r\n\r\nUse \"grype [command] --help\" for more information about a command.\r\n"]
[21.58928, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[22.591627, "o", "e"]
[22.646603, "o", "c"]
[22.700741, "o", "h"]
[22.857196, "o", "o"]
[22.907759, "o", " "]
[22.961605, "o", "S"]
[23.014236, "o", "t"]
[23.06458, "o", "e"]
[23.138108, "o", "p"]
[23.192001, "o", " "]
[23.281113, "o", "1"]
[23.331683, "o", ":"]
[23.492769, "o", " "]
[23.572289, "o", "D"]
[23.631373, "o", "o"]
[23.705003, "o", "w"]
[23.759634, "o", "n"]
[23.817747, "o", "l"]
[23.869589, "o", "o"]
[23.921162, "o", "a"]
[24.093066, "o", "d"]
[24.14385, "o", " "]
[24.194431, "o", "C"]
[24.24564, "o", "o"]
[24.30198, "o", "n"]
[24.423072, "o", "s"]
[24.487867, "o", "t"]
[24.615281, "o", "e"]
[24.676771, "o", "l"]
[24.727439, "o", "l"]
[24.834011, "o", "a"]
[24.885668, "o", "t"]
[24.966732, "o", "i"]
[25.018, "o", "o"]
[25.128218, "o", "n"]
[25.185443, "o", " "]
[25.296859, "o", "S"]
[25.387908, "o", "B"]
[25.459042, "o", "O"]
[25.515445, "o", "M\r\nStep 1: Download Constellation SBOM\r\n"]
[25.515514, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[26.533124, "o", "c"]
[26.605959, "o", "u"]
[26.656397, "o", "r"]
[26.858518, "o", "l"]
[26.917733, "o", " "]
[26.984349, "o", "-"]
[27.038141, "o", "s"]
[27.392088, "o", "L"]
[27.44242, "o", "O"]
[27.496859, "o", " "]
[27.548113, "o", "h"]
[27.692295, "o", "t"]
[27.758098, "o", "t"]
[27.812992, "o", "p"]
[27.885416, "o", "s"]
[27.974524, "o", ":"]
[28.027517, "o", "/"]
[28.079079, "o", "/"]
[28.158502, "o", "g"]
[28.211591, "o", "i"]
[28.263135, "o", "t"]
[28.314531, "o", "h"]
[28.381679, "o", "u"]
[28.432179, "o", "b"]
[28.486826, "o", "."]
[28.53877, "o", "c"]
[28.589969, "o", "o"]
[28.661475, "o", "m"]
[28.723181, "o", "/"]
[28.831165, "o", "e"]
[28.916173, "o", "d"]
[29.00669, "o", "g"]
[29.057381, "o", "e"]
[29.316139, "o", "l"]
[29.400496, "o", "e"]
[29.482954, "o", "s"]
[29.533056, "o", "s"]
[29.584854, "o", "s"]
[29.646361, "o", "y"]
[29.697801, "o", "s"]
[29.749229, "o", "/"]
[29.863912, "o", "c"]
[29.918267, "o", "o"]
[29.968863, "o", "n"]
[30.020935, "o", "s"]
[30.077747, "o", "t"]
[30.127941, "o", "e"]
[30.181976, "o", "l"]
[30.233238, "o", "l"]
[30.287936, "o", "a"]
[30.337989, "o", "t"]
[30.389658, "o", "i"]
[30.458023, "o", "o"]
[30.513541, "o", "n"]
[30.56674, "o", "/"]
[30.682902, "o", "r"]
[30.732785, "o", "e"]
[30.834215, "o", "l"]
[30.88464, "o", "e"]
[30.98251, "o", "a"]
[31.036627, "o", "s"]
[31.158875, "o", "e"]
[31.229535, "o", "s"]
[31.33835, "o", "/"]
[31.39088, "o", "l"]
[31.459981, "o", "a"]
[31.589338, "o", "t"]
[31.719623, "o", "e"]
[31.808599, "o", "s"]
[31.880538, "o", "t"]
[31.936367, "o", "/"]
[32.020027, "o", "d"]
[32.091725, "o", "o"]
[32.263413, "o", "w"]
[32.425712, "o", "n"]
[32.48209, "o", "l"]
[32.573819, "o", "o"]
[32.714407, "o", "a"]
[32.893859, "o", "d"]
[32.984666, "o", "/"]
[33.034733, "o", "c"]
[33.09691, "o", "o"]
[33.214526, "o", "n"]
[33.293902, "o", "s"]
[33.352639, "o", "t"]
[33.42992, "o", "e"]
[33.487593, "o", "l"]
[33.540807, "o", "l"]
[33.669878, "o", "a"]
[33.738498, "o", "t"]
[33.849436, "o", "i"]
[33.920676, "o", "o"]
[33.987382, "o", "n"]
[34.037582, "o", "."]
[34.130613, "o", "s"]
[34.231961, "o", "p"]
[34.283316, "o", "d"]
[34.338883, "o", "x"]
[34.390737, "o", "."]
[34.489558, "o", "s"]
[34.553427, "o", "b"]
[34.618802, "o", "o"]
[34.671588, "o", "m\r\n"]
[35.533411, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[35.534491, "o", "g"]
[35.586195, "o", "r"]
[35.679925, "o", "y"]
[35.729778, "o", "p"]
[35.787217, "o", "e"]
[35.840085, "o", " "]
[35.890096, "o", "c"]
[35.981082, "o", "o"]
[36.032125, "o", "n"]
[36.083234, "o", "s"]
[36.169551, "o", "t"]
[36.273265, "o", "e"]
[36.3419, "o", "l"]
[36.465702, "o", "l"]
[36.516289, "o", "a"]
[36.606248, "o", "t"]
[36.728005, "o", "i"]
[36.804882, "o", "o"]
[36.877834, "o", "n"]
[36.934016, "o", "."]
[37.012769, "o", "s"]
[37.086365, "o", "p"]
[37.144861, "o", "d"]
[37.235131, "o", "x"]
[37.303069, "o", "."]
[37.38839, "o", "s"]
[37.44069, "o", "b"]
[37.522475, "o", "o"]
[37.57473, "o", "m"]
[37.649871, "o", " "]
[37.708744, "o", "-"]
[37.78798, "o", "o"]
[37.898006, "o", " "]
[37.949149, "o", "t"]
[38.002544, "o", "a"]
[38.148022, "o", "b"]
[38.200062, "o", "l"]
[38.274648, "o", "e"]
[38.331555, "o", " "]
[38.579667, "o", "-"]
[38.659714, "o", "q\r\n"]
[52.07224, "o", "NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY \r\nhelm.sh/helm/v3 v3.10.3 "]
[52.072469, "o", "3.11.1 go-module GHSA-pwcw-6f5g-gxf8 Medium \r\n"]
[52.079013, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]
[52.079696, "o", "e"]
[52.137411, "o", "c"]
[52.270879, "o", "h"]
[52.325886, "o", "o"]
[52.408789, "o", " "]
[52.463689, "o", "W"]
[52.519469, "o", "e"]
[52.572771, "o", " "]
[52.790253, "o", "a"]
[52.86986, "o", "r"]
[52.926369, "o", "e"]
[52.988247, "o", " "]
[53.084404, "o", "s"]
[53.135443, "o", "a"]
[53.188566, "o", "f"]
[53.287513, "o", "e"]
[53.346043, "o", "!\r\n"]
[53.346137, "o", "We are safe!\r\n"]
[53.346983, "o", "\u001b[38;2;144;255;153m~/constellation\u001b[0m\r\r\n\u001b[38;2;139;4;221m$\u001b[0m "]

1874
docs/static/assets/verify-cli.cast vendored
View file

File diff suppressed because it is too large Load diff