Containers

Container images

The Cinc Project publishes official container images for Cinc Client, Cinc Auditor, and Cinc Workstation on Docker Hub under the cincproject organization. They follow the same release cadence as the binary packages.

Note: There is no Cinc Server container today. Cinc Server is built as an omnibus package and is intended to run as a long-lived service on a host (or VM); containerizing it is a non-trivial exercise we haven’t tackled. If you’re interested in contributing one, get in touch on #community-distros.

Available images

| Image | Purpose | Approximate size |
| --- | --- | --- |
| cincproject/cinc | Cinc Client — primarily intended for kitchen-dokken | ~60 MB |
| cincproject/auditor | Cinc Auditor — running InSpec-compatible profiles in CI / against containers | ~180 MB |
| cincproject/workstation | Cinc Workstation — full authoring toolchain in CI or for ephemeral dev environments | ~440 MB |

Tagging scheme

Each image publishes:

  • latest — the most recent version promoted to the stable channel.
  • Major version tags (19, 18, … for Cinc Client; 7, 6, … for Auditor), matching the version tags used on the binary releases.
  • Minor version tags (19.0, 18.7, …) — track the latest patch on a given minor line.
  • Full semver tags — pinned to a specific release (e.g. 19.0.0).

Pin to a major version in production (cincproject/cinc:19) — it’s a reasonable balance between “stay on supported releases” and “don’t accidentally jump majors.”
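A CI check for the pinning advice above, as an added example that is not part of the Cinc documentation: it scans a file for references to the three images and flags any that resolve to the floating latest tag. The function names and the sample pipeline are constructed for illustration, and treating a digest-pinned reference as acceptable is an assumption of this example.

```python
import re

# References to the three images listed on this page, with an optional tag
# and an optional digest (digest pinning is standard Docker reference syntax).
IMAGE_RE = re.compile(
    r"\b(cincproject/(?:cinc|auditor|workstation))(?![\w./-])"
    r"(?::(\w[\w.-]*))?"
    r"(?:@(sha256:[0-9a-f]{64}))?"
)

def classify(tag, digest):
    """Map a reference onto the tagging scheme described on this page."""
    if digest:
        return "digest"          # immutable, regardless of any tag
    if tag is None or tag == "latest":
        return "latest"          # an untagged reference defaults to latest
    if re.fullmatch(r"\d+", tag):
        return "major"
    if re.fullmatch(r"\d+\.\d+", tag):
        return "minor"
    if re.fullmatch(r"\d+\.\d+\.\d+", tag):
        return "full"
    return "other"

def audit(text, allowed=("major", "minor", "full", "digest")):
    """Return (line_no, reference, kind) for every reference not in `allowed`."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_RE.finditer(line):
            kind = classify(m.group(2), m.group(3))
            if kind not in allowed:
                findings.append((no, m.group(0), kind))
    return findings

# Constructed sample pipeline file (hypothetical job names).
SAMPLE = """\
lint:
  image: cincproject/workstation:latest
  script: cookstyle .
compliance:
  image: cincproject/auditor:7
converge:
  image: cincproject/cinc
release:
  image: cincproject/cinc:19.0.0
"""

if __name__ == "__main__":
    for no, ref, kind in audit(SAMPLE):
        print(f"line {no}: {ref} resolves to '{kind}'; pin a version tag")
```

Pass `allowed=("full", "digest")` to enforce exact-release pinning instead of the major-version default.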

Cinc Client (cincproject/cinc)

Designed for use with kitchen-dokken, which runs Cinc Client inside a container to converge cookbooks against another container. With kitchen-dokken 2.23.0+, setting product_name: cinc on the provisioner picks up this image automatically:

driver:
  name: dokken

provisioner:
  name: dokken
  product_name: cinc

See Test Kitchen with Cinc for the full set of test-kitchen options (including kitchen-cinc for non-dokken drivers).

The image is also usable as a standalone Cinc Client runtime, but in that mode you generally want a regular Cinc install on the target host rather than a container.

Cinc Auditor (cincproject/auditor)

A drop-in replacement for the upstream chef/inspec image. Run a profile against a remote target:

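# Mount the private key read-only: the host's ~/.ssh is not visible inside the container.
docker run --rm -it -v "$HOME/.ssh/id_rsa":/id_rsa:ro cincproject/auditor:7 \
  exec https://github.com/dev-sec/linux-baseline -t ssh://user@host -i /id_rsa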

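Scan a running Docker container (the docker:// target takes a container name or ID). Mounting /var/run/docker.sock gives the Auditor container control of the host's Docker daemon, so use this only on hosts where that level of access is acceptable: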

docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock \
  cincproject/auditor:7 exec my-profile -t docker://target-container

This image is well-suited for CI pipelines (GitLab CI, GitHub Actions) running compliance checks as part of your build.

Cinc Workstation (cincproject/workstation)

Includes the full Workstation toolchain: cinc, cinc-client, cinc-auditor, knife, test-kitchen, cookstyle, chefspec, and the rest. Useful for:

  • CI pipelines that lint cookbooks, run unit tests, or invoke knife against a Cinc/Chef Server.
  • Ephemeral dev environments where you don’t want to install the full Workstation locally.

Example: lint a cookbook in CI:

docker run --rm -v "$PWD":/work -w /work cincproject/workstation:latest \
  cookstyle .

Or run knife against a remote Cinc Server:

docker run --rm -it -v "$PWD/.chef":/root/.chef cincproject/workstation:latest \
  knife node list

Where to file container issues

Container bugs go to the same GitLab project as the underlying product:

The Dockerfiles live alongside the build configuration in each repo on the stable/cinc branch (or main for Workstation, which is a fork).