You can install aactl CLI using one of the following ways:
See the release section for aactl checksums and SBOMs.
If you have Go 1.17 or newer, you can install latest aactl using:
go install github.com/GoogleCloudPlatform/aactl/cmd/aactl@latestOn Mac or Linux, you can install aactl with Homebrew:
brew tap GoogleCloudPlatform/aactl https://github.com/GoogleCloudPlatform/aactl
brew install aactlNew release will be automatically picked up when you run brew upgrade
rpm -ivh https://github.com/GoogleCloudPlatform/aactl/releases/download/v$VERSION/aactl-$VERSION_Linux-amd64.rpmwget https://github.com/aquasecurity/aactl/releases/download/v$VERSION/aactl-$VERSION_Linux-amd64.deb
sudo dpkg -i aactl-$VERSION_Linux-64bit.debYou can also download the latest release version of aactl for your operating system/architecture from here. Put the binary somewhere in your $PATH, and make sure it has that executable bit.
The official
aactlreleases include SBOMs
Since you are interested in aactl, you probably already have GCP account and project. If not, you learn about creating and managing projects here. The other prerequisites include:
aactl also depends on a few GCP service APIs. To enable these, run:
gcloud services enable containeranalysis.googleapis.comMake sure you have the following Identity and Access Management (IAM) roles in each project:
Learn how to grant multiple IAM roles to a user here
roles/artifactregistry.reader
roles/containeranalysis.occurrences.editor
roles/containeranalysis.notes.editorIf you experience any issues, you can see the project level policy using following command:
gcloud projects get-iam-policy $PROJECT_ID --format=json > policy.jsonWhen running locally, aactl will look for Google account credentials in one of the well-known locations. To ensure your Application Default Credentials (ADC) are used by the aactl run this gcloud command and follow the prompts:
gcloud auth application-default loginMore about ADC here
Code in this repository is licensed under the Apache 2.0. See LICENSE.