This script will find end of life software and dependencies in container images with xeol.
It gets all running containers images as well as all the images in the local registry. Then for each of the images: if the image is not an intermediate layer nor tagged with the "localhost/" prefix it runs an xeol scan on all layers and outputs its findings if any.
chmod +x check-eol.sh./check.sh| #!/usr/bin/env bash | |
| set -uo pipefail | |
| if command -v podman >/dev/null 2>&1; then | |
| RUNTIME="podman" | |
| SOCKET="/var/run/podman/podman.sock" | |
| elif command -v docker >/dev/null 2>&1; then | |
| RUNTIME="docker" | |
| SOCKET="/var/run/docker.sock" | |
| else | |
| echo "Error: neither podman nor docker found in PATH" | |
| exit 1 | |
| fi | |
| running_imgs=$($RUNTIME ps --format '{{.Image}}') | |
| host_imgs=$($RUNTIME images --format '{{.Repository}}:{{.Tag}}') | |
| all_imgs=$(printf "%s\n%s\n" "$running_imgs" "$host_imgs" | sort -u) | |
| while read -r img; do | |
| if [[ "$img" == "" ]] || [[ "$img" == "<none>:<none>" ]] || [[ "$img" == localhost/* ]]; then | |
| continue | |
| fi | |
| echo "Scanning image $img" | |
| $RUNTIME run --rm \ | |
| --volume "$SOCKET":/var/run/docker.sock \ | |
| --name xeol docker.io/noqcks/xeol:latest --quiet $img --scope all-layers | |
| done <<< "$all_imgs" |