Image Get
This source component lets Smithy download a remote image from any registry.
How to use
Open-Source
- Add the component to the workflow:
# file ./my-workflow/workflow.yml
description: Trufflehog based workflow
name: trufflehog
components:
- component: ghcr.io/smithy-security/smithy/manifests/components/targets/image-get:v1.1.15
- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/trivy:v1.2.3
- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.1
- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.1
- Configure the run parameters of the component in the overrides file:
# file: ./my-workflow/overrides.yaml
image-get:
- name: image
type: string
value: "ubuntu:latest"
- name: username
type: string
value: ""
- name: password
type: string
value: ""
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Find the Image-Get in the Sources dropdown.
- Set the URL of your image on the right. If your registry requires authentication, set the username and password on the right.
Options
You can configure this component with the following options. The options that have a default value are optional:
| Option Name | Description | Default | Type |
|---|---|---|---|
| [Required] image | Image to download, e.g. ubuntu:latest or ghcr.io/smithy-security/smithy:v1.0.0 | N/A | String |
| [Optional] username | Username to user for logging in to the registry if required | "" | String |
| [Optional] password | Password/Token to user for logging in to the registry if required | "" | String |