New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

github.com/containers/image

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/containers/image

  • v3.0.2+incompatible
  • Source
  • Go
  • Socket score

Version published
Created
Source

GoDoc Build Status

image is a set of Go libraries aimed at working in various way with containers' images and container image registries.

The containers/image library allows application to pull and push images from container image registries, like the upstream docker registry. It also implements "simple image signing".

The containers/image library also allows you to inspect a repository on a container registry without pulling down the image. This means it fetches the repository's manifest and it is able to show you a docker inspect-like json output about a whole repository or a tag. This library, in contrast to docker inspect, helps you gather useful information about a repository or a tag without requiring you to run docker pull.

The containers/image library also allows you to translate from one image format to another, for example docker container images to OCI images. It also allows you to copy container images between various registries, possibly converting them as necessary, and to sign and verify images.

Command-line usage

The containers/image project is only a library with no user interface; you can either incorporate it into your Go programs, or use the skopeo tool:

The skopeo tool uses the containers/image library and takes advantage of many of its features, e.g. skopeo copy exposes the containers/image/copy.Image functionality.

Dependencies

This library does not ship a committed version of its dependencies in a vendor subdirectory. This is so you can make well-informed decisions about which libraries you should use with this package in your own projects, and because types defined in the vendor directory would be impossible to use from your projects.

What this project tests against dependencies-wise is located in vendor.conf.

Building

If you want to see what the library can do, or an example of how it is called, consider starting with the skopeo tool instead.

To integrate this library into your project, put it into $GOPATH or use your preferred vendoring tool to include a copy in your project. Ensure that the dependencies documented in vendor.conf are also available (using those exact versions or different versions of your choosing).

This library, by default, also depends on the GpgME and libostree C libraries. Either install them:

Fedora$ dnf install gpgme-devel libassuan-devel ostree-devel
macOS$ brew install gpgme

or use the build tags described below to avoid the dependencies (e.g. using go build -tags …)

Supported build tags

  • containers_image_openpgp: Use a Golang-only OpenPGP implementation for signature verification instead of the default cgo/gpgme-based implementation; the primary downside is that creating new signatures with the Golang-only implementation is not supported.
  • containers_image_ostree: Import ostree: transport in github.com/containers/image/transports/alltransports. This builds the library requiring the libostree development libraries. Otherwise a stub which reports that the transport is not supported gets used. The github.com/containers/image/ostree package is completely disabled and impossible to import when this build tag is not in use.

Contributing

Information about contributing to this project.

When developing this library, please use make (or make … BUILDTAGS=…) to take advantage of the tests and validation.

License

Apache License 2.0

SPDX-License-Identifier: Apache-2.0

Contact

FAQs

Package last updated on 07 Aug 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc