From fb9580f69f168bc3e93188ec9f87249d2f21e724 Mon Sep 17 00:00:00 2001 From: Martin Skorupski Date: Fri, 24 Mar 2023 13:43:28 +0100 Subject: [PATCH] Create script for SBOM and Vulnerabilities analysis of the solution docker images - add README with prerequisites and usage Issue-ID: OAM-318 Change-Id: I51ca24700bff5a4032a1f1d7f1665216aa47360b Signed-off-by: Martin Skorupski --- code/container-analysis/README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 code/container-analysis/README.md diff --git a/code/container-analysis/README.md b/code/container-analysis/README.md new file mode 100644 index 0000000..d48fd6a --- /dev/null +++ b/code/container-analysis/README.md @@ -0,0 +1,31 @@ +# Container Analysis + +This directory contains a script to output Software Bill of Materials (SBOM)tree and vulnerabilities of running docker images. + +## Prerequisites + +The script depend on the [Syft](https://github.com/anchore/syft) project and the [Grype](https://github.com/anchore/grype) project. + +### Installing syft + +``` +curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin +``` + +### Installing grype + +``` +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin +``` + +## Usage + +Once your docker containers are up and running just use: + +``` +./container-analysis.sh +``` + +Note: It takes time ... + +You will find the results in the 'out' folder. \ No newline at end of file -- 2.16.6
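Review bot: The install commands under "Installing syft" and "Installing grype" pipe `install.sh` fetched from the `main` branch straight into `sh` and write to `/usr/local/bin`, so each run executes whatever is on that branch at that moment, unreviewed, into a directory that normally needs root to write to. For tooling whose output is meant to be a trustworthy SBOM and vulnerability report, the README should pin both tools to a specific release, tell the reader to download the script and inspect it before running it (or to install from a release artifact whose checksum has been verified), and state which Syft and Grype versions the script was tested with. The subject line says "Create script", but the diffstat shows only `README.md` (1 file changed), so the `./container-analysis.sh` named under "Usage" is not part of this patch; either include it or reference the change that adds it. Minor points in the same hunk: "(SBOM)tree" is missing a space, "The script depend" should read "depends", "Note: It takes time ..." would help more with a rough duration or what drives it, and the file has no trailing newline.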