Software Containers



Containerization.SoftwareContainers is a unified pattern module used for identifying the container runtime, executing the appropriate commands, and modeling the SoftwareInstance, SoftwareContainer, and ContainerImage node kinds.

With the introduction of Containerization.SoftwareContainers in TKU June 2025, the following container-related patterns were deprecated (however, the corresponding containerd SoftwareInstances are still modeled):

For more information about the containers discovery approach, see the official BMC Helix Discovery documentation.

Components

The pattern module consists of the following major components: 

Runtime functions

The following pattern local functions are used to obtain the containers and image details:

  • common
  • containerd
  • crictl
  • crio
  • crun
  • ctr
  • docker
  • nerdctl
  • podman
  • runc

Common functions

The following pattern local common functions are used to build container context tables, extract various data builds, and destroy nodes:

  • buildContext
  • createManagementRelationships
  • createNodes
  • dirname
  • extractCRIAnnotations
  • extractTagValues
  • finalizeContainerData
  • finalizeImageData
  • getDiscoveryUID
  • getProductVersion
  • initContainerData
  • initImageData
  • removeOldNodes
  • splitRepoDigest
  • splitRepoTag
  • updateContainerImageIds
  • updateFromRepoValues
  • validateOutput

Patterns

LinuxHost—The LinuxHost pattern is triggered by the Host node where the platform is Linux and detects software containers.

Platforms supported by the pattern

The pattern currently supports only Linux hosts.

Commands executed by the pattern

The following table gives details about commands that are executed by the Containerization.SoftwareContainers pattern module:

| Runtime | Command | Goal |
|---|---|---|
| crun | `id -u` | Obtain the BMC Helix Discovery user ID. |
| | `crun list --format json 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD crun list --format json 2>/dev/null` | List the running containers with privilege elevation. |
| | `PRIV_RUNCMD runuser -l $(id -un %uid%) -c crun list --format json 2>/dev/null` | List the running containers under a different user. |
| Docker | `docker inspect $(docker ps -q 2>/dev/null) 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD docker inspect $(PRIV_RUNCMD docker ps -q 2>/dev/null) 2>/dev/null` | List the running containers with privilege elevation. |
| | `docker image inspect $(docker images -q 2>/dev/null) 2>/dev/null` | List the images. |
| | `PRIV_RUNCMD docker image inspect $(PRIV_RUNCMD docker images -q 2>/dev/null) 2>/dev/null` | List the images with privilege elevation. |
| | `docker node ls --format '{{.ID}} : {{.Hostname}} : {{.ManagerStatus}}'` | Detect a Swarm and obtain node details. |
| | `docker node ls \| awk '{if (NR!=1) {if ($2 == "*") {printf("%s : %s : %s\n", $1, $3, $NF);} else {printf("%s : %s : %s\n", $1, $2, $NF);}}}'` | Detect a Swarm and obtain node details when docker node ls doesn't support --format. |
| | `docker version` | Obtain the version and verify the runtime. |
| | `<binary_path>/dockerd --version` | Obtain the version and verify the runtime. |
| Podman | `id -u` | Obtain the BMC Helix Discovery user ID. |
| | `podman ps --no-trunc --format json 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD podman ps --no-trunc --format json 2>/dev/null` | List the running containers with privilege elevation. |
| | `PRIV_RUNCMD runuser -l $(id -un %uid%) -c podman ps --no-trunc --format json 2>/dev/null` | List the running containers under a different user. |
| | `podman ps --no-trunc --format json 2>/dev/null` | List the images. |
| | `PRIV_RUNCMD podman ps --no-trunc --format json 2>/dev/null` | List the images with privileges. |
| | `PRIV_RUNCMD runuser -l $(id -un %uid%) -c podman ps --no-trunc --format json 2>/dev/null` | List the images under a different user. |
| | `podman info` | Obtain the configuration. |
| nerdctl | `nerdctl --namespace %namespace% ps --no-trunc -q 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD nerdctl --namespace %namespace% ps --no-trunc -q 2>/dev/null` | List the running containers with privilege elevation. |
| | `nerdctl inspect %container_id% 2>/dev/null` | Obtain the details of each container. |
| | `PRIV_RUNCMD nerdctl inspect %container_id% 2>/dev/null` | List the running containers with privilege elevation. |
| | `nerdctl image inspect $(nerdctl --namespace %namespace% images -q 2>/dev/null \| sort -u) 2>/dev/null` | List the images. |
| | `nerdctl version` | Obtain the version and verify the runtime. |
| | `PRIV_RUNCMD nerdctl version` | Obtain the version and verify the runtime (with privileged execution). |
| crictl | `crictl ps --output json 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD crictl ps --output json 2>/dev/null` | List the running containers with privilege elevation. |
| | `crictl images --digests --no-trunc --output json 2>/dev/null` | List the images. |
| | `PRIV_RUNCMD crictl images --digests --no-trunc --output json 2>/dev/null` | List the images with privilege elevation. |
| | `crictl version` | Obtain the version and verify the runtime. |
| | `PRIV_RUNCMD crictl version` | Obtain the version and check the runtime with privilege elevation. |
| CRI-O | `cri-o --version` | Obtain the version. |
| | `cri-o config` | Obtain the configuration. |
| ctr | `ctr --namespace <namespace> task list 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD ctr --namespace <namespace> task list 2>/dev/null` | List the running containers with privilege elevation. |
| | `ctr --namespace %namespace% container info %container_id% 2>/dev/null` | Obtain the container details of each container_id. |
| | `PRIV_RUNCMD ctr --namespace %namespace% container info %container_id% 2>/dev/null` | Obtain the container details of each container_id (with privileged execution). |
| | `ctr --namespace %namespace% image list 2>/dev/null` | List the images. |
| | `PRIV_RUNCMD ctr --namespace %namespace% image list 2>/dev/null` | List the images with privilege elevation. |
| | `ctr version` | Obtain the version and check the runtime. |
| | `PRIV_RUNCMD ctr version` | Obtain the version and verify the runtime with privilege elevation. |
| runc | `runc --root <root> list --format json 2>/dev/null` | List the running containers. |
| | `PRIV_RUNCMD runc --root <root> list --format json 2>/dev/null` | List the running containers with privilege elevation. |

Nodes modeled by the pattern

The Containerization.SoftwareContainers pattern module models the following nodes:

Software Instance

The Containerization.SoftwareContainers pattern models the Software Instance node kinds of the following types:

Attributes modeled for each runtime:

containerd

  • key = 'containerd/%host.key%'
  • name
  • short_name
  • type = containerd
  • version
  • product_version

CRI-O

  • key = 'CRI-O/%host.key%'
  • name
  • short_name
  • type = CRI-O
  • version
  • product_version
  • config_path
  • control_socket_path
  • listening_ports
  • default_runtime

Docker

  • key = 'Docker/%host.key%'
  • name
  • short_name
  • type = Docker
  • version
  • product_version

Podman

  • key = 'Podman/%host.key%'
  • name
  • short_name
  • type = Podman
  • version
  • product_version
  • config_path

Software Container

The Containerization.SoftwareContainers pattern module models Software Container nodes with the following attributes:

  • key = <host.key>/<container_id>
  • name
  • type = "Linux Container"
  • short_name 
  • count 
  • image_id
  • image
  • image_digest
  • container_name
  • container_id
  • contained_pid
  • pod_id
  • pod_name
  • pod_namespace
  • listening_ports

Container Image

The Containerization.SoftwareContainers pattern models Container Image nodes with the following attributes:

  • key = <digest> or key = <repo_tags[0]>
  • id
  • name
  • short_name
  • digest
  • repository
  • repo_digests
  • repo_tags
  • tag
  • tag_set
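
The Container Image attributes above can be derived from `docker image inspect` output as in the following added example, which is not the pattern module's own TPL code. It assumes the digest is preferred over `repo_tags[0]` for the key (a tag is mutable, a digest is not), takes the digest from the first `RepoDigests` entry, and uses hypothetical helper names that only echo `splitRepoDigest` and `splitRepoTag`; the sample JSON is constructed.

```python
import json

# Constructed sample of `docker image inspect` output (not from a real host).
SAMPLE = json.dumps([
    {"Id": "sha256:" + "a" * 64,
     "RepoTags": ["registry.example:5000/team/app:1.4",
                  "registry.example:5000/team/app:latest"],
     "RepoDigests": ["registry.example:5000/team/app@sha256:" + "b" * 64]},
    {"Id": "sha256:" + "c" * 64, "RepoTags": ["busybox:1.36"], "RepoDigests": []},
])

def split_repo_tag(ref):
    """Split 'repo[:tag]'. Only a colon after the last '/' is a tag separator;
    an earlier colon belongs to a registry host:port."""
    head, sep, last = ref.rpartition("/")
    name, colon, tag = last.partition(":")
    return head + sep + name, (tag if colon else None)

def split_repo_digest(ref):
    """Split 'repo@algo:hex' into (repo, digest); digest is None if absent."""
    repo, sep, digest = ref.partition("@")
    return repo, (digest if sep else None)

def image_node(img):
    """Map one inspect record to the Container Image attributes (assumed mapping)."""
    tags = img.get("RepoTags") or []
    digests = img.get("RepoDigests") or []
    repo, digest = split_repo_digest(digests[0]) if digests else (None, None)
    tag = None
    if tags:
        tag_repo, tag = split_repo_tag(tags[0])
        repo = repo or tag_repo
    return {
        "key": digest or (tags[0] if tags else None),  # assumed precedence
        "id": img.get("Id"), "digest": digest, "repository": repo, "tag": tag,
        "repo_tags": tags, "repo_digests": digests,
        "tag_set": sorted({split_repo_tag(t)[1] for t in tags} - {None}),
    }

def build_image_nodes(raw):
    """Parse command output; empty output means the command failed silently
    because stderr was sent to /dev/null."""
    if not raw.strip():
        return []
    nodes = [image_node(i) for i in json.loads(raw)]
    return [n for n in nodes if n["key"]]  # skip images with no usable key

if __name__ == "__main__":
    for node in build_image_nodes(SAMPLE):
        print(node["key"], node["repository"], node["tag_set"])
```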

 
