diff --git a/bash/containers/falcon-container-sensor-pull/README.md b/bash/containers/falcon-container-sensor-pull/README.md index c756c0b..dd08ecb 100644 --- a/bash/containers/falcon-container-sensor-pull/README.md +++ b/bash/containers/falcon-container-sensor-pull/README.md @@ -80,7 +80,7 @@ Optional Flags: -c, --copy Registry to copy the image to, e.g., myregistry.com/mynamespace -v, --version Specify sensor version to retrieve from the registry -p, --platform Specify sensor platform to retrieve, e.g., x86_64, aarch64 - -t, --type Specify which sensor to download [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent] (Default: falcon-container) + -t, --type Specify which sensor to download [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent|fcs] (Default: falcon-container) --runtime Use a different container runtime [docker, podman, skopeo] (Default: docker) --dump-credentials Print registry credentials to stdout to copy/paste into container tools @@ -110,7 +110,7 @@ Help Options: | `-c`, `--copy ` | `$COPY` | `None` (Optional) | Registry you want to copy the sensor image to. Example: `myregistry.com/mynamespace` | | `-v`, `--version ` | `$SENSOR_VERSION` | `None` (Optional) | Specify sensor version to retrieve from the registry | | `-p`, `--platform ` | `$SENSOR_PLATFORM` | `None` (Optional) | Specify sensor platform to retrieve from the registry | -| `-t`, `--type ` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`] ([see more details below](#sensor-types)) | +| `-t`, `--type ` | `$SENSOR_TYPE` | `falcon-container` (Optional) | Specify which sensor to download [`falcon-container`, `falcon-sensor`, `falcon-kac`, `falcon-snapshot`, `falcon-imageanalyzer`, `kpagent`, `fcs`] ([see more details below](#sensor-types)) | | `--runtime` | `$CONTAINER_TOOL` | `docker` (Optional) | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**. | | `--dump-credentials` | `$CREDS` | `False` (Optional) | Print registry credentials to stdout to copy/paste into container tools | | `--get-image-path` | N/A | `None` | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`. | @@ -141,6 +141,7 @@ The following sensor types are available to download: | `falcon-snapshot` | The Falcon Snapshot scanner | | `falcon-imageanalyzer` | The Falcon Image Assessment at Runtime | | `kpagent` | The Falcon Kubernetes Protection Agent | +| `fcs` | The Falcon Cloud Security CLI tool | ### Examples diff --git a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh index fb1d73f..c9eb5f4 100755 --- a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh +++ b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh @@ -22,7 +22,7 @@ Optional Flags: -c, --copy Registry to copy the image to, e.g., myregistry.com/mynamespace -v, --version Specify sensor version to retrieve from the registry -p, --platform Specify sensor platform to retrieve, e.g., x86_64, aarch64 - -t, --type Specify which sensor to download [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent] (Default: falcon-container) + -t, --type Specify which sensor to download [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent|fcs] (Default: falcon-container) --runtime Use a different container runtime [docker, podman, skopeo] (Default: docker) --dump-credentials Print registry credentials to stdout to copy/paste into container tools @@ -244,7 +244,7 @@ format_tags() { local all_tags=$1 case "${SENSOR_TYPE}" in - "kpagent" | "falcon-snapshot" | "falcon-imageanalyzer") + "kpagent" | "falcon-snapshot" | "falcon-imageanalyzer" | "fcs") echo "$all_tags" | sed -n 's/.*"tags" : \[\(.*\)\].*/\1/p' | tr -d '"' | tr ',' '\n' | @@ -390,6 +390,9 @@ display_api_scopes() { falcon-snapshot) echo "Sensor Download [read], Snapshot Scanner Image Download [read]" ;; + fcs) + echo "Sensor Download [read], Infrastructure as Code [read]" + ;; *) die "Unknown sensor type: ${sensor_type}" ;; @@ -434,10 +437,10 @@ fi # Check if SENSOR_TYPE is set to a valid value case "${SENSOR_TYPE}" in - falcon-container | falcon-sensor | falcon-kac | falcon-snapshot | falcon-imageanalyzer | kpagent) ;; + falcon-container | falcon-sensor | falcon-kac | falcon-snapshot | falcon-imageanalyzer | kpagent | fcs) ;; *) die """ Unrecognized sensor type: ${SENSOR_TYPE} - Valid values are [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent]""" ;; + Valid values are [falcon-container|falcon-sensor|falcon-kac|falcon-snapshot|falcon-imageanalyzer|kpagent|fcs]""" ;; esac #Check all mandatory variables set @@ -565,6 +568,12 @@ elif [ "${SENSOR_TYPE}" = "kpagent" ]; then repository_name="kpagent" registry_type="kubernetes-protection" registry_opts="kubernetes_protection" +elif [ "${SENSOR_TYPE}" = "fcs" ]; then + # overrides for FCS + ART_USERNAME="fh-$cs_falcon_cid" + IMAGE_NAME="fcs" + repository_name="$BUILD_STAGE/cs-fcs" + registry_type="iac" fi #Set Docker token using the BEARER token captured earlier