Quick start
To help you get started using Black Duck Docker Inspector, here's a simple example.
Step 1: Determine the repo:tag of the Docker image you want to inspect
To run Black Duck Docker Inspector on a Docker image from Docker Hub, use Docker Hub to identify the repo:tag of the image you want to inspect. For example: ubuntu:latest.
To run Black Duck Docker Inspector on an image that is already on your machine (perhaps because you built it), use the REPOSITORY and TAG columns from the output of the docker images command to identify the repo:tag of the image you want to inspect.
On the Black Duck Docker Inspector command line, pass your repo:tag using this argument:
--docker.image={repo}:{tag}
Step 2 (optional): Determine your Black Duck URL and credentials
To enable Black Duck Docker Inspector to upload results to Black Duck, you will need a Black Duck URL, username, and password. (For information on using an API token to authenticate with Black Duck, refer to Properties).
On the Black Duck Docker Inspector command line, pass your Black Duck connection details using the following arguments:
--blackduck.url={your Black Duck URL}
--blackduck.username={your Black Duck username}
--blackduck.password={your Black Duck password}
As an alternative, to run Black Duck Docker Inspector without connecting to Black Duck, pass this argument on the command line:
--upload.bdio=false
Step 3: Run Black Duck Docker Inspector
To inspect an image and upload the results to Black Duck:
bash <(curl -s https://blackducksoftware.github.io/blackduck-docker-inspector/blackduck-docker-inspector.sh) --blackduck.url={your Black Duck URL} --blackduck.username={your Black Duck username} --blackduck.password={your Black Duck password} --docker.image={repo}:{tag}
Step 4: Review your results in Black Duck
To see your results, log into Black Duck, and look for a project with a name matching the docker image repo. The version name will match the docker image tag.