leplusorg/xml

Sponsored OSS

By Leplus.org

Updated 5 days ago

Docker container with utilities to process XML data (xmllint...).

Image
Languages & Frameworks
Integration & Delivery
1

10K+

XML

Docker container with utilities to process XML data (xmllint, xsltproc...).

DockerfileDocker BuildDocker StarsDocker PullsDocker VersionCII Best PracticesOpenSSF Scorecard

Example not using the filesystem

Let's say that you have a file foo.xml that you want to reformat and save the result to bar.xml:

Mac/Linux

cat foo.xml | docker run --rm -i --net=none leplusorg/xml xmllint - > bar.xml

Windows

type foo.xml | docker run --rm -i --net=none leplusorg/xml xmllint - > bar.xml

Example requiring the filesystem

Assuming that you have a file foo.xml in your current working directory that you want to validate using foo.xsd:

Mac/Linux

docker run --rm -t --user="$(id -u):$(id -g)" --net=none -v "$(pwd):/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --noout

Windows

In cmd:

docker run --rm -t --net=none -v "%cd%:/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --noout

In PowerShell:

docker run --rm -t --net=none -v "${PWD}:/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --noout

XSLT with Saxon HE

docker run --rm -t --user="$(id -u):$(id -g)" --net=none -v "$(pwd):/tmp" leplusorg/xml java -jar /opt/saxon/run.sh -s:/tmp/source.xml -xsl:/tmp/stylesheet.xsl -o:/tmp/output.xml

See Saxon's documentation for more details regarding syntax and options.

Help

To know more command-line options of xmllint:

docker run --rm --net=none leplusorg/xml xmllint --help

Software Bill of Materials (SBOM)

To get the SBOM for the latest image (in SPDX JSON format), use the following command:

docker buildx imagetools inspect leplusorg/xml --format '{{ json (index .SBOM "linux/amd64").SPDX }}'

Replace linux/amd64 by the desired platform (linux/amd64, linux/arm64 etc.).

Sigstore

Sigstore is trying to improve supply chain security by allowing you to verify the origin of an artifcat. You can verify that the jar that you use was actually produced by this repository. This means that if you verify the signature of the ristretto jar, you can trust the integrity of the whole supply chain from code source, to CI/CD build, to distribution on Maven Central or whever you got the jar from.

You can use the following command to verify the latest image using its sigstore signature attestation:

cosign verify leplusorg/xml --certificate-identity-regexp 'https://github\.com/leplusorg/docker-xml/\.github/workflows/.+' --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'

The output should look something like this:

Verification for index.docker.io/leplusorg/xml:main --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates

[{"critical":...

For instructions on how to install cosign, please read this documentation.

Request new tool

Please use this link (GitHub account required) to request that a new tool be added to the image. I am always interested in adding new capabilities to these images.

Docker Pull Command

docker pull leplusorg/xml