# install trivy
https://aquasecurity.github.io/trivy/v0.18.3/installation/
# install nats-server
curl -LO https://github.com/nats-io/nats-server/releases/download/v2.9.2/nats-server-v2.9.2-linux-amd64.tar.gz
tar -xzvf nats-server-v2.9.2-linux-amd64.tar.gz
mv nats-server-v2.9.2-linux-amd64/nats-server /usr/local/bin/
# upload systemd unit files
scp hack/systemd/nats-server.service [email protected]:/lib/systemd/system/nats-server.service
scp hack/systemd/scanner-backend.service [email protected]:/lib/systemd/system/scanner-backend.service
# ssh into remote server
$ ssh [email protected]
$ systemctl enable nats-server.service
$ systemctl enable scanner-backend.service
# on development machine
make build OS=linux ARCH=amd64
scp bin/scanner-linux-amd64 [email protected]:/root
# on production server
> ssh [email protected]
chmod +x scanner-linux-amd64
mv scanner-linux-amd64 /usr/local/bin/scanner
sudo systemctl restart scanner-backend
# generate report
nats -s this-is-nats.appscode.ninja \
--user=$NATS_USERNAME \
--password=$NATS_PASSWORD \
publish scanner.queue.scan centos
# read scanner report
nats -s this-is-nats.appscode.ninja \
--user=$NATS_USERNAME \
--password=$NATS_PASSWORD \
request scanner.report centos
# read scanner summary
nats -s this-is-nats.appscode.ninja \
--user=$NATS_USERNAME \
--password=$NATS_PASSWORD \
request scanner.summary centos
# list all images in a helm chart
helm template . \
| yq '..|.image? | select(.)' \
| sort -u | uniq | tr -d '"'