mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.6 KiB
1.6 KiB
API Reference: Distroless Container Image Analysis Agent
Dependencies
| Library | Version | Purpose |
|---|---|---|
| trivy CLI | >=0.50 | Container vulnerability scanning (subprocess) |
| docker CLI | >=24.0 | Image inspection and property checks (subprocess) |
CLI Usage
python scripts/agent.py \
--images gcr.io/distroless/static-debian12 python:3.12-slim \
--compare python:3.12 gcr.io/distroless/python3-debian12 \
--output-dir /reports/
Functions
run_trivy_scan(image) -> dict
Runs trivy image --format json --severity CRITICAL,HIGH,MEDIUM.
get_image_size(image) -> int
Runs docker inspect --format {{.Size}} for byte count.
count_vulns_by_severity(scan_data) -> dict
Parses Trivy JSON Results for CRITICAL/HIGH/MEDIUM/LOW counts.
compare_images(base_image, distroless_image) -> dict
Scans both images, computes size and vulnerability reduction percentages.
check_distroless_properties(image) -> dict
Tests for shell access and package manager presence via docker run.
generate_report(images, distroless_pairs) -> dict
Full analysis with individual scans, comparisons, and summary.
Distroless Properties Checked
| Property | Check Method |
|---|---|
| Shell access | docker run --entrypoint "" image sh -c "echo" |
| Package manager | docker run --entrypoint "" image which apt/apk/yum |
Output Schema
{
"summary": {"images_scanned": 4, "minimal_images": 2},
"comparisons": [{"size_reduction_pct": 82.3, "vuln_reduction_pct": 95.0}],
"image_scans": [{"image": "gcr.io/distroless/static", "is_minimal": true}]
}