Container Image Inventory Tool imgtrack

IT Asset Management (Cloud)
To track and correctly license the software deployed within a container, you must know either:
  • What software is available within the container while the container is running; or
  • What software is present in the image (the application binaries, libraries, configuration files, language run-times, and so on) from which the container is (or is going to be) instantiated.

The first approach is straightforward: you can collect software inventory from a running container using (for example) the Flexera Kubernetes Inventory Agent. This can use the "zero footprint inventory collection" method, where the FlexNet Inventory Scanner is (on UNIX-like platforms) injected into a running container, executed to collect software inventory, and then removed. This strategy is very convenient, but it can be intrusive and may require permissions within the container management platform that are not acceptable for high-security organizations. For this reason, the Flexera Kubernetes Inventory Agent allows the feature to be disabled, and the alternative Lightweight Kubernetes Inventory Agent does not include the inventory-collection feature at all. In these cases, some other means of obtaining an inventory of the software within container images must be used.

The imgtrack tool uses the second approach. Rather than operating on live application containers as they are executing, imgtrack is run separately from the container management platform, ideally as part of a continuous integration/continuous deployment (CI/CD) system. This resembles the "static analysis" technique for programs, where the text of the code is analysed in detail before it is run, so we refer to this strategy as static analysis of the container image.

imgtrack is a Bash shell script invoked on the command line of a suitable Linux-based computer. It leverages the standard FlexNet Inventory Scanner and a locally-running instance of Docker to produce a standard Flexera inventory (.ndi) file from a target container image, optionally uploading that result to your chosen inventory beacon.

In this chapter:
  • The prerequisites for the Linux device(s) where you may wish to execute imgtrack.
  • How to obtain and position the imgtrack script.
