Anthropic-Cybersecurity-Skills/skills/securing-container-registry-images/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


# API Reference: Securing Container Registry Images
## Trivy CLI
```bash
trivy image [OPTIONS] IMAGE
```
| Flag | Description |
|------|-------------|
| `--severity` | Comma-separated severity filter: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL (default is all) |
| `--format` | Output format: table, json, sarif, spdx-json, cyclonedx |
| `--exit-code 1` | Exit 1 when any finding passes the `--severity` filter; without it Trivy exits 0 even with findings, so this is what makes a CI gate fail |
| `--ignore-unfixed` | Drop findings that have no fixed version, so the gate fails only on what a rebuild can actually fix |
| `--scanners` | Comma-separated scanner types: vuln, misconfig, secret, license |
| `--output FILE` | Write results to a file instead of stdout |
## Cosign CLI
| Command | Description |
|---------|-------------|
| `cosign generate-key-pair` | Generate a signing key pair (`cosign.key` / `cosign.pub`) |
| `cosign sign --key KEY IMAGE` | Sign an image with a private key; pass the image by digest (`IMAGE@sha256:...`), since a tag can be repointed at a different image after signing |
| `cosign verify --key KEY IMAGE` | Verify the signature against the public key; a non-zero exit means unsigned or signed by a different key |
| `cosign verify --certificate-identity ID --certificate-oidc-issuer ISSUER IMAGE` | Verify a keyless (Sigstore) signature by the signer's OIDC identity |
| `cosign attest --key KEY --type TYPE --predicate FILE IMAGE` | Attach a signed in-toto attestation (e.g. `--type cyclonedx` or `--type spdxjson` for an SBOM) |
| `cosign attach sbom --sbom FILE IMAGE` | Attach an SBOM as a plain OCI artifact; it is not signed, so prefer `cosign attest` |
## Syft CLI (SBOM Generation)
```bash
syft IMAGE -o FORMAT > output.json
# equivalent: syft IMAGE -o FORMAT=output.json
```
Formats: `spdx-json`, `cyclonedx-json`, `table`, `json` (Syft's native schema). Use `spdx-json` or `cyclonedx-json` when the SBOM is to be attached with `cosign attest`, which expects one of those predicate types.
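The three CLIs above are normally chained: scan, decide, generate the SBOM, then sign the digest and attach the SBOM as an attestation. The following is an added example for this reference, not code from the skill folder or from the Trivy, Syft or Cosign projects. It assumes `trivy`, `syft` and `cosign` are on `PATH`, that the key is a `cosign generate-key-pair` private key, and that the Trivy JSON report carries the pushed image's digest in `Metadata.RepoDigests`. The gate itself is a pure function over Trivy's JSON schema, exercised here on a constructed report.

```python
"""Scan, gate, SBOM and sign a container image with the Trivy, Syft and Cosign CLIs.

Added example for this reference, not code from the skill folder. Assumes trivy,
syft and cosign are on PATH, the key comes from `cosign generate-key-pair`, and
the Trivy JSON report lists the image digest under Metadata.RepoDigests.
"""
from __future__ import annotations

import json
import subprocess
import sys

# Trivy severities, ranked so a threshold can be compared numerically.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def run(cmd: list[str]) -> str:
    """Run a CLI and return its stdout; a non-zero exit aborts the pipeline."""
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def trivy_report(image: str) -> dict:
    """Vulnerability scan as JSON; the gate decision is made below rather than with --exit-code."""
    return json.loads(run(["trivy", "image", "--format", "json", "--scanners", "vuln", "--quiet", image]))


def failing_vulns(report: dict, threshold: str = "HIGH", ignore_unfixed: bool = True) -> list[tuple[str, str, str]]:
    """(id, package, severity) for every finding at or above `threshold`.

    Unfixed findings are skipped by default (same intent as `trivy --ignore-unfixed`):
    no rebuild can clear them. Pass ignore_unfixed=False to report them as well.
    """
    min_rank = SEVERITY_RANK[threshold]
    hits = []
    for result in report.get("Results", []):
        # Trivy emits "Vulnerabilities": null for a clean target, hence the `or []`.
        for v in result.get("Vulnerabilities") or []:
            if ignore_unfixed and not v.get("FixedVersion"):
                continue
            if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) >= min_rank:
                hits.append((v["VulnerabilityID"], v["PkgName"], v["Severity"]))
    return hits


def digest_ref(report: dict) -> str:
    """repo@sha256:... from the report, so signing targets the digest, not a mutable tag."""
    digests = report.get("Metadata", {}).get("RepoDigests") or []
    if not digests:
        raise ValueError("image has no repo digest; push it before signing")
    return digests[0]


def write_sbom(image: str, path: str) -> str:
    """CycloneDX SBOM from Syft, to be attached as a signed attestation."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(run(["syft", image, "-o", "cyclonedx-json"]))
    return path


def sign_and_attest(ref: str, key: str, sbom_path: str) -> None:
    """Sign the digest reference and attach the SBOM with `cosign attest --type cyclonedx`."""
    run(["cosign", "sign", "--yes", "--key", key, ref])
    run(["cosign", "attest", "--yes", "--key", key, "--type", "cyclonedx", "--predicate", sbom_path, ref])


SAMPLE_REPORT = {  # constructed to mirror `trivy image --format json`; not real scan output
    "SchemaVersion": 2,
    "ArtifactName": "registry.example.com/app:1.4.2",
    "Metadata": {"RepoDigests": ["registry.example.com/app@sha256:" + "a" * 64]},
    "Results": [
        {"Target": "registry.example.com/app:1.4.2 (alpine 3.18.4)", "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "InstalledVersion": "1.0-r0",
              "FixedVersion": "1.0-r1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother", "InstalledVersion": "2.3-r0",
              "FixedVersion": "2.3-r2", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "busybox", "InstalledVersion": "1.36-r0",
              "Severity": "HIGH"},  # no FixedVersion: unfixed upstream, skipped by the default gate
         ]},
        {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip", "Vulnerabilities": None},
    ],
}

if __name__ == "__main__":
    image, key = sys.argv[1], sys.argv[2]  # e.g. registry.example.com/app:1.4.2 cosign.key
    report = trivy_report(image)
    blockers = failing_vulns(report, "HIGH")
    if blockers:
        for vid, pkg, sev in blockers:
            print(f"BLOCK {sev} {vid} in {pkg}")
        sys.exit(1)
    ref = digest_ref(report)
    sign_and_attest(ref, key, write_sbom(image, "sbom.cdx.json"))
    print(f"signed and attested {ref}")
```

Signing happens only after the gate passes, and only against the digest reference, so a later push of the same tag does not inherit the signature. On the constructed report the default HIGH gate blocks on two findings and ignores the unfixed one; lowering the bar to `ignore_unfixed=False` surfaces all three.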
## boto3 ECR Client
| Method | Description |
|--------|-------------|
| `describe_repositories()` | Get repository config: `imageScanningConfiguration.scanOnPush`, `imageTagMutability`, `encryptionConfiguration` (paginated) |
| `put_image_scanning_configuration()` | Enable/disable scan on push for one repository |
| `put_registry_scanning_configuration()` | Set registry-wide scanning (BASIC or ENHANCED via Amazon Inspector); this supersedes the per-repository setting |
| `put_image_tag_mutability()` | Set tag immutability (MUTABLE/IMMUTABLE); IMMUTABLE rejects pushes that would overwrite an existing tag |
| `put_lifecycle_policy()` | Set image cleanup rules (`lifecyclePolicyText` is a JSON document) |
| `describe_image_scan_findings()` | Get scan results for an image identified by `imageId={"imageDigest": ...}` or `{"imageTag": ...}` (paginated) |
| `list_images()` | List images, filtering with `filter={"tagStatus": "TAGGED"}` or `"UNTAGGED"` |
| `get_lifecycle_policy()` | Get the current lifecycle policy; raises `LifecyclePolicyNotFoundException` if none is set |
### ECR Scan Findings Structure
`describe_image_scan_findings()` nests the results under `imageScanFindings`; check that `imageScanStatus.status` is `COMPLETE` before acting on the counts, since an `IN_PROGRESS` or `FAILED` scan returns no findings and would otherwise look clean:
```python
{
    "imageScanStatus": {"status": "COMPLETE", "description": "..."},
    "imageScanFindings": {
        "findingSeverityCounts": {"CRITICAL": 2, "HIGH": 5},
        "findings": [
            {
                "name": "CVE-2024-xxxx",
                "severity": "CRITICAL",
                "uri": "...",
                "attributes": [{"key": "package_name", "value": "..."}, {"key": "package_version", "value": "..."}],
            }
        ],
    },
}
```
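The boto3 calls above turn into a short audit-and-gate script. The following is an added example for this reference, not code from the skill folder. It assumes AWS credentials and region come from the environment; `boto3` is imported inside the functions that talk to ECR so the pure helpers can be run on the constructed `describe_repositories()` and `describe_image_scan_findings()` shaped samples below without network access. The repository names, CVE identifiers and URIs in the samples are placeholders.

```python
"""Audit and harden ECR repositories with boto3, and gate on scan findings.

Added example for this reference, not code from the skill folder. Assumes AWS
credentials and region come from the environment. boto3 is imported lazily so the
pure helpers can be exercised on the constructed samples without AWS access.
"""
from __future__ import annotations

import json

# ECR finding severities ranked for threshold comparison.
SEVERITY_RANK = {"UNDEFINED": 0, "INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Lifecycle policy document: expire untagged images 14 days after push.
LIFECYCLE_POLICY = {
    "rules": [{
        "rulePriority": 1,
        "description": "expire untagged images after 14 days",
        "selection": {"tagStatus": "untagged", "countType": "sinceImagePushed",
                      "countUnit": "days", "countNumber": 14},
        "action": {"type": "expire"},
    }]
}


def repository_issues(repo: dict) -> list[str]:
    """Hardening gaps for one entry of describe_repositories()['repositories']."""
    issues = []
    if not repo.get("imageScanningConfiguration", {}).get("scanOnPush", False):
        issues.append("scanOnPush disabled")
    if repo.get("imageTagMutability") != "IMMUTABLE":
        issues.append("tags are MUTABLE")  # a tag can be silently repointed at another image
    return issues


def count_at_or_above(scan: dict, threshold: str) -> int:
    """Quick gate from findingSeverityCounts without walking every finding."""
    min_rank = SEVERITY_RANK[threshold]
    counts = scan.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    return sum(n for sev, n in counts.items() if SEVERITY_RANK.get(sev, 0) >= min_rank)


def blocking_findings(scan: dict, threshold: str = "HIGH") -> list[str]:
    """CVE names at or above `threshold` from a describe_image_scan_findings() response.

    Refuses to decide on an unfinished scan: IN_PROGRESS or FAILED has no findings
    and would otherwise pass a gate by looking clean.
    """
    status = scan.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        raise RuntimeError(f"scan status is {status!r}, not COMPLETE")
    min_rank = SEVERITY_RANK[threshold]
    findings = scan.get("imageScanFindings", {}).get("findings", [])
    return [f["name"] for f in findings if SEVERITY_RANK.get(f.get("severity", "UNDEFINED"), 0) >= min_rank]


def audit_registry(region: str | None = None) -> dict[str, list[str]]:
    """repositoryName -> issues for every repository with a gap (paginated)."""
    import boto3  # lazy: the helpers above do not need the AWS SDK installed
    ecr = boto3.client("ecr", region_name=region)
    report = {}
    for page in ecr.get_paginator("describe_repositories").paginate():
        for repo in page["repositories"]:
            issues = repository_issues(repo)
            if issues:
                report[repo["repositoryName"]] = issues
    return report


def harden_repository(name: str, region: str | None = None) -> None:
    """Turn on scan-on-push, make tags immutable and install the cleanup policy."""
    import boto3
    ecr = boto3.client("ecr", region_name=region)
    ecr.put_image_scanning_configuration(repositoryName=name,
                                         imageScanningConfiguration={"scanOnPush": True})
    ecr.put_image_tag_mutability(repositoryName=name, imageTagMutability="IMMUTABLE")
    ecr.put_lifecycle_policy(repositoryName=name, lifecyclePolicyText=json.dumps(LIFECYCLE_POLICY))


def image_gate(name: str, digest: str, threshold: str = "HIGH", region: str | None = None) -> list[str]:
    """Fetch findings for one image by digest (not tag) and return the blockers."""
    import boto3
    ecr = boto3.client("ecr", region_name=region)
    scan = ecr.describe_image_scan_findings(repositoryName=name, imageId={"imageDigest": digest})
    return blocking_findings(scan, threshold)


SAMPLE_REPOS = [  # constructed; shaped like describe_repositories()["repositories"]
    {"repositoryName": "payments/api", "imageTagMutability": "MUTABLE",
     "imageScanningConfiguration": {"scanOnPush": False}},
    {"repositoryName": "payments/worker", "imageTagMutability": "IMMUTABLE",
     "imageScanningConfiguration": {"scanOnPush": True}},
]

SAMPLE_SCAN = {  # constructed; shaped like a describe_image_scan_findings() response
    "repositoryName": "payments/api",
    "imageId": {"imageDigest": "sha256:" + "0" * 64, "imageTag": "1.4.2"},
    "imageScanStatus": {"status": "COMPLETE", "description": "The scan was completed successfully."},
    "imageScanFindings": {
        "findingSeverityCounts": {"CRITICAL": 1, "HIGH": 1, "MEDIUM": 1},
        "findings": [
            {"name": "CVE-0000-0001", "severity": "CRITICAL", "uri": "https://example.invalid/CVE-0000-0001",
             "attributes": [{"key": "package_name", "value": "libexample"}]},
            {"name": "CVE-0000-0002", "severity": "HIGH", "uri": "https://example.invalid/CVE-0000-0002"},
            {"name": "CVE-0000-0003", "severity": "MEDIUM", "uri": "https://example.invalid/CVE-0000-0003"},
        ],
    },
}
```

Run `audit_registry()` to list repositories that still allow mutable tags or skip scan-on-push, `harden_repository(name)` to fix one, and `image_gate(name, digest)` in the deploy pipeline. On the constructed samples the first repository reports both gaps and the scan blocks on the CRITICAL and HIGH findings at the default threshold.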
## References
- Trivy docs: https://aquasecurity.github.io/trivy/
- Cosign docs: https://docs.sigstore.dev/cosign/overview/
- Syft docs: https://github.com/anchore/syft
- ECR API: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ecr.html