veinmind-sensitive is a mirror sensitive information scanning tool developed by Changting Technology
- Quickly scan the image for sensitive information
- Support sensitive information scanning rule customization
- Supports weak password scanning of 'containerd'/' dockerd 'image file systems
- linux/amd64
- linux/386
- linux/arm64
- linux/arm
Please install libveinmind, installation method can refer to [official documentation] (https://github.com/chaitin/libveinmind)
make run ARG="scan xxx"
Compile the executable
make build
Run the executable file for scanning
chmod +x veinmind-sensitive && ./veinmind-sensitive scan xxx
Make sure you have 'docker' and 'docker-compose' installed on your machine
make run.docker ARG="scan xxxx"
Build the 'veinmind-sensitive' image
make build.docker
Run the container to scan
docker run --rm -it --mount 'type=bind,source=/,target=/host,readonly,bind-propagation=rslave' veinmind-sensitive scan xxx
- Specify the image name or image ID and scan (if the image exists locally)
./veinmind-sensitive scan image [imagename/imageid]
- Scan all local images
./veinmind-sensitive scan image
Specify the output type Supported output formats:
- html
- json
- cli (default)
./veinmind-sensitive scan image [imageID/imageName] -f html
The resulting result.html looks like this:
-id: Rule identifier -description: Description of the rule -match: This is a content-matching rule, which defaults to regular -filepath: Path matching rule (regular by default -env: Environment variable matching rules; defaults to regular and ignores case