Help needed with "interesting" commands

I’m putting together a few slides that will become a silent video running on a TV on our stand at All Things Open next week. I wanted to have some “interesting” uses of our command line tools shown as embedded videos. I can come up with some standard basic ones, but wondered if you seasoned tools users and developers had some suggestions for something interesting to see in a short GIF/MP4.

Below are some examples of what they kinda look like when made. I may speed them up or slow them down, that’s not set in stone. Some notes:

  • They’re intentionally slowed down in places so someone passing by doesn’t just see a flash
  • I should probably focus on application containers, and not OS ones, as they’re mostly boring
  • That said, it might be interesting to highlight Azure Linux 3, as that’s quite new
  • I’d like some examples beyond the basics
  • There will be subtitles on screen explaining what people are seeing
  • I’m not asking anyone to make GIFs, I can make those
  • Ignore that some have and some do not have drop-shadow

syft alpine:latest

rec-2024-10-22_11:05:1729591558

grype ubuntu:latest

rec-2024-10-22_11:11:1729591862

grant check alpine:latest --osi-approved --show-packages

rec-grant_check_alpine:latest_--osi-approved_--show-packages_1

Suggestions welcome!

Get all files and sha256 digests cataloged in the SBOM:

syft ubuntu:latest -o json | jq -r '[.files[] | select(.digests != null) | {path: .location.path, sha256: (.digests[]? | select(.algorithm == "sha256").value)}] | unique_by(.path)[] | select(.sha256 != null) | "\(.sha256) \(.path)"'

Find all executable files:

syft fedora:latest -o json | jq '.files[] | select(.executable != null)'

Find executables missing security features (in this case stack canaries):

syft fedora:latest -o json | jq '.files[] | select(.executable != null and .executable.elfSecurityFeatures.stackCanary == false).location.path'

Find which libraries all binaries on the system import:

syft fedora:latest -o json | jq '.files[] | select(.executable != null) | {"binary": .location.path, "imports": .executable.importedLibraries}'
1 Like
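The same file-level checks as the jq one-liners above, written as a small Python script over a constructed syft-shaped JSON document so the per-binary result can be consumed by other tooling instead of read off a terminal (added example, not code from the thread or from syft). Field names other than stackCanary (pie, nx, relRO and their values) are assumed from syft's ELF security-feature metadata.

```python
import json

# Constructed sample in the shape of `syft <image> -o json` (not real syft output);
# only the fields the two helpers read are present.
SAMPLE_SBOM = json.dumps({"files": [
    {"location": {"path": "/usr/bin/bash"},
     "digests": [{"algorithm": "sha256", "value": "aa" * 32}],
     "executable": {"format": "elf", "elfSecurityFeatures": {
         "stackCanary": True, "pie": True, "nx": True, "relRO": "full"}}},
    {"location": {"path": "/usr/local/bin/legacy-tool"},
     "executable": {"format": "elf", "elfSecurityFeatures": {
         "pie": False, "nx": True, "relRO": "none"}}},   # stackCanary absent
    {"location": {"path": "/etc/os-release"},
     "digests": [{"algorithm": "sha256", "value": "bb" * 32}]},
]})

# Assumed syft field names (the thread only uses stackCanary). A check passes only
# when the feature is positively reported, so an absent value counts as "not
# confirmed"; a jq `== false` test would silently skip such binaries.
HARDENING_CHECKS = {
    "stackCanary": lambda f: f.get("stackCanary") is True,
    "pie": lambda f: f.get("pie") is True,
    "nx": lambda f: f.get("nx") is True,
    "relRO": lambda f: f.get("relRO") == "full",
}

def missing_hardening(sbom_json: str) -> dict[str, list[str]]:
    """Map each executable's path to the hardening features it lacks.
    Binaries that pass every check are left out of the result."""
    findings = {}
    for entry in json.loads(sbom_json).get("files", []):
        exe = entry.get("executable")
        if not exe:                      # plain files have no executable block
            continue
        feats = exe.get("elfSecurityFeatures") or {}
        lacking = [name for name, ok in HARDENING_CHECKS.items() if not ok(feats)]
        if lacking:
            findings[entry["location"]["path"]] = lacking
    return findings

def file_digests(sbom_json: str, algorithm: str = "sha256") -> dict[str, str]:
    """Path -> digest for every cataloged file that carries the requested
    algorithm (the data behind the first jq query above, as a dict)."""
    out = {}
    for entry in json.loads(sbom_json).get("files", []):
        for d in entry.get("digests") or []:
            if d.get("algorithm") == algorithm:
                out[entry["location"]["path"]] = d["value"]
    return out
```

Replace SAMPLE_SBOM with the text of a real `syft <image> -o json` run to use it against an actual image.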

A worse suggestion is to see a list of interesting files Syft did not find packages for:

syft maven:latest -o json | jq '.files[] | select(.unknowns) | {location, unknowns} | .location.path + " - " + (.unknowns | join(", "))'
1 Like

For grant here are a couple:

This gets the working compliance document as

syft -o json node:latest | grant -o json list | jq . > compliance.json

This will give you all licenses that were able to be discovered with a reference. I’ve listed the data structure in the output below this command:

jq '.results[] | select(.license.reference != "") | {license_name: .license.name, reference: .license.reference, packages: [.packages[].name]}' compliance.json

Example of an item in this list - license name and packages associated

{
  "license_name": "Open LDAP Public License v2.8",
  "reference": "https://spdx.org/licenses/OLDAP-2.8.html",
  "packages": [
    "curl",
    "libcurl3-gnutls",
    "libcurl4",
    "libcurl4-openssl-dev"
  ]
}

This will print all licenses and their packages without a reference

jq '.results[] | select(.license.reference == "") | {license_name: .license.name, packages: [.packages[].name]}' compliance.json
1 Like

Sure stuff chaps! Thank you! :smiley:

Some examples of what I cranked out. I piped them through pv -qL $NUM to slow down the output. That way I can have the gif play out, and people can just about read what’s happening. Using 20 for $NUM when “typing” and 200 or even up to 512K (bytes per sec) when outputting a lot of text. The only downside of this is that piping through pv strips the beautiful color out :frowning:

0050-syft_find_executables-2024-10-23_16:53:1729698780

I took some of your examples and reworked them to also give shorter results, so we can specifically point to one section. For example this one does the same as the one above, but only shows output for /usr/bin/bash, not all files.

0051-syft_find_executables_only_bash-2024-10-23_17:13:1729700031

Also, for funzies, I made mobile-friendly versions to see how that would work :smiley:

0051-syft_find_executables_only_bash-2024-10-23_18:19:1729703989

Thanks to @wagoodman and @willmurphy for recommending vhs from charmbracelet. It’s so much nicer to use, more configurable and faster than t-rec!

Output ./Videos/syft_alpine.latest.gif

Require echo

Set Shell "bash"
Set FontSize 32
Set Width 1200
Set Height 600
Set WindowBar Colorful
Set Theme catppuccin-macchiato
Set Margin 20
Set MarginFill "#0f40c0"
Set BorderRadius 10
Set Framerate 60
Set PlaybackSpeed 0.5

Type "syft alpine:latest" Sleep 500ms Enter

Sleep 5s

syft_alpine.latest

1 Like