Facebook Pixel

ANNOUNCEMENT: Carbonetes’ open-source tools Jacked, BOM Diggity, and BrainIAC are out now!

ANNOUNCEMENT: Carbonetes' Lite app is now available. Try it out now!

Introducing Jacked

Jacked provides organizations with a more comprehensive look at their application to take calculated actions and create a better security approach. Its primary purpose is to scan vulnerabilities to implement subsequent risk mitigation measures.

GET STARTED
RELEASES

Scans image vulnerability; checks if your image is at risk

Configuration that helps user’s preference using the tool

Works seamlessly with BOM Diggity

Converts results to JSON and Tabulated Format

Works with major operating system and many packages

Jenkins Plugin

Ensure code quality for faster software delivery.

  • Image, Tar, and Directory Scanning
  • Severity Fail Criteria
  • Ignore CVEs and Package Names
  • Skip Build Fail and Database Update

Azure DevOps Plugin

Enhance productivity and streamline development processes.

  • Image, Tar, and Directory Scanning
  • Severity Fail Criteria
  • Skip Build Fail
  • Skip Database Update

Jacked GitHub Action

Utilize Jacked for seamless image vulnerability scanning.

  • Directory Scanning
  • Severity Fail Criteria

Supported Installation OS

Jacked currently supports the following operating systems:

WINDOWS INSTALLATION

With Windows OS’ amd64 achitecture, you can seamlessly run our newest open-source tool program to protect your images against any possible threat.

MAC INSTALLATION

Scan image vulnerability on any Mac operating system because Jacked supports arm64 and amd64 architecture

LINUX INSTALLATION

Jacked can easily detect security issues in your images. The open-source tool can run in the amd64, arm64, ppc64le, and s390x architecture of the Linux operating system.

Installation Guide

You can improve your code security. Install Jacked the newest open-source analysis scanning tool in the market today!

Build

$ git clone https://github.com/carbonetes/jacked 
$ go install

Recommended

A great way to install a working binary tool on your terminal.

curl -sSfL https://raw.githubusercontent.com/carbonetes/jacked/main/install.sh | sh -s -- -d /usr/local/bin

You can specify a release version and destination directory for the installation:

curl -sSfL https://raw.githubusercontent.com/carbonetes/jacked/main/install.sh | sh -s -- -d <DESTINATION_DIR> -v <RELEASE_VERSION>

Homebrew

brew tap carbonetes/jacked
brew install jacked

Scoop

scoop bucket add jacked https://github.com/carbonetes/jacked-bucket 
scoop install jacked

Useful Commands and Flags

jacked [command] [flag]
SubCommandDescription
configDisplay the current configurations
db Display the database information
versionDisplay Build Version Information of Jacked

Available Commands and their flags with description:

jacked [flag]
Root FlagsDescription
--sbom string Input sbom file from diggity to scan (Only read from json file)
-d --dir string Read directly from a path on disk (any directory) (e.g. 'jacked path/to/dir)'
-t --tar string Read a tarball from a path on disk for archives created from docker save (e.g. 'jacked path/to/image.tar)'
--disable-file-listing Disables file listing from package metadata (default false)
--enabled-parsers stringArray Specify enabled parsers ([apk debian java npm composer python gem rpm dart nuget go]) (default all)
-l --licenses Enable scanning for package licenses
-o --output string Show scan results in "table", "json", "cyclonedx-json", "cyclonedx-xml", "spdx-json", "spdx-xml", "spdx-tag-value" format (default "table"
--registry-uri string Registry uri endpoint (default "index.docker.io/")
--registry-token string Access token for private registry access
--registry-username string Username credential for private registry access
--registry-password string Password credential for private registry access
--secret-exclude-filenames stringArray Exclude secret searching for each specified filenames
--secret-max-file-size in Maximum file size that the secret will search -- each file (default 10485760)
-v --version Print application version
--ignore-package-names Specify package names to be whitelisted on the result
--ignore-vuln-cves Specify CVEs to be whitelisted on the result
jacked config [flag]
Config FlagsDescription
-d --displayDisplays the content of the configuration file.
-h --helpHelp for configuration.
-p --pathDisplays the path of the configuration file.
-r --resetRestores default configuration file.
jacked db [flag]
Database FlagsDescription
-i --infoPrint database metadata information
-v --versionPrint database current version
jacked version [flag] [string]
Database FlagsDescription
-f --formatPrint application version format (json, text) (default "text")

Get started with Jacked

GitHub
Skip to content