Update intbitset

[criztovyl]

I was looking around for a way to inspect (docker) container images on android (using termux, without root) and discovered this tool.

initially i ran into funny issues with intbitset due to python 3.11 (inveniosoftware-contrib/intbitset#81), but if you update intbitset to 3.0.2, the tool runs quite fine in termux! :)

unfortunately this tool cannot download images, but for that i used https://github.com/NotGlop/docker-drag.

[pombredanne]

@criztovyl Thanks! I happen to maintain https://github.com/inveniosoftware-contrib/intbitset so we can handle this easily enough.
FYI, ScanCode.io does the full processing of Docker images but requires Postgres... so may be too big to run inside Android ... but this can show you what to call in container inspector.
https://github.com/nexB/scancode.io/blob/main/scanpipe/pipelines/docker.py

Are you really trying to run "inside" an Android device?

NB: ScanCode.io does also download images from a container images registry/OCI using a bundled skopeo using this plugin https://github.com/nexB/scancode-plugins/tree/4df0cf04e1b7b6774ba6e983c7c57002f19327c9/builtins/fetchcode_container and this function https://github.com/nexB/scancode.io/blob/b10df0dbf5128f57e9dbc79d8eb5daa8f28eab7a/scanpipe/pipes/fetch.py#L214

[criztovyl]

Ah "inspecting" here means "curiously look into"; I do not intend to run ScanCode.io inspections on Android. :)

I shortly considered skopeo independently, but did not further look into it. It might be a fun challenge, though.

[pombredanne]

re:

unfortunately this tool cannot download images, but for that i used https://github.com/NotGlop/docker-drag.

This could be a nice way too, aside from skopeo.... Unfortunately there is no license there.... I pinged @NotGlop in NotGlop/docker-drag#35

[pombredanne]

Ah "inspecting" here means "curiously look into"; I do not intend to run ScanCode.io inspections on Android. :)

I shortly considered skopeo independently, but did not further look into it. It might be a fun challenge, though.

@criztovyl http://scancode.io should have a decent doc to get started.
The syntax for docker images download is docker://image:tag_or_hash as in docker://debian

Creating a project will look like this:

I reckon you you maybe looking for a CLI tool though you can also run ScanCode.io using the CLI and no UI. All the primitive functions are in this project as well as scancode-toolkit and fetchcode. scancode.io brings them together in a pipeline

[pombredanne]

The results look like this:

and you can get various outputs and SBOMs out too

The CLI tutorials is at https://scancodeio.readthedocs.io/en/latest/tutorial_cli_analyze_docker_image.html

[pombredanne]

@criztovyl https://github.com/NotGlop/docker-drag now has a license added by @NotGlop in NotGlop/docker-drag#35 but this is a GPL which does not work here for use in an Apache-licensed library. We could instead integrate fetchcode_container but I still think we are better off doing this in ScanCode.io unless we have a pure python utility for here.