Dockerfile
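# Build stage: downloads and prepares the tools; only selected directories are
# copied into the release stage, so build-only packages stay out of the final image.
# NOTE(review): "current" is a floating tag, so the base image can change between
# builds; pin a specific version (ideally by digest) for reproducible builds.
FROM node:current-bullseye-slim AS build
# These labels are set on the build stage only and are not repeated in the release stage.
LABEL maintainer="[email protected]"
LABEL vendor="Go Forward"
WORKDIR /
COPY requirements.txt .
ENV DEBIAN_FRONTEND=noninteractive

# Install necessary binaries
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      curl \
      git \
      python3-dev \
      python3-pip \
      python3-setuptools \
      python3-venv \
      unzip \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Create virtual environment
RUN python3 -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Install the latest version of wheel first, as that is not installed by default
# hadolint ignore=DL3013
RUN python3 -m pip install wheel --no-cache-dir

# Install packages as specified in the requirements.txt file
# NOTE(review): requirements.txt is not visible here; exact version pins (and
# pip's --require-hashes) would make this step reproducible and tamper-evident.
RUN python3 -m pip install -r requirements.txt --no-cache-dir

# Download and unzip sonar-scanner-cli
# The version is a build argument with the original value as default.
# SONAR_SCANNER_SHA256 is optional: when it is supplied with --build-arg, the
# archive is verified before it is unpacked; when it is empty the download is
# accepted unverified, as before. Take the checksum from a trusted source.
ARG SONAR_SCANNER_VERSION=4.6.2.2472
ARG SONAR_SCANNER_SHA256=""
# -f makes curl fail on an HTTP error instead of saving the error page as scanner.zip.
RUN curl -fsSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" -o /tmp/scanner.zip && \
    if [ -n "${SONAR_SCANNER_SHA256}" ]; then \
      echo "${SONAR_SCANNER_SHA256}  /tmp/scanner.zip" | sha256sum -c -; \
    fi && \
    unzip /tmp/scanner.zip -d /tmp/sonarscanner && \
    mv "/tmp/sonarscanner/sonar-scanner-${SONAR_SCANNER_VERSION}-linux" /usr/lib/sonar-scanner

# Clone nikto.pl
# NOTE(review): this clones whatever the default branch points at when the image
# is built; checking out a reviewed tag or commit would pin the code that ships.
RUN git clone --depth=1 https://github.com/sullo/nikto /tmp/nikto && \
    rm -rf /tmp/nikto/program/.git && \
    mv /tmp/nikto/program /usr/lib/nikto

# Clone testssl.sh
# NOTE(review): unpinned clone as above. The bundled openssl binary taken from the
# repository is the x86_64 build, so this step assumes an x86_64 image.
RUN git clone --depth=1 https://github.com/drwetter/testssl.sh /tmp/testssl && \
    mkdir /usr/lib/testssl && \
    mv /tmp/testssl/bin/openssl.Linux.x86_64 /usr/lib/testssl/openssl && \
    chmod ugo+x /usr/lib/testssl/openssl && \
    mv /tmp/testssl/etc/ /usr/lib/testssl/etc/ && \
    mv /tmp/testssl/testssl.sh /usr/lib/testssl/testssl.sh && \
    chmod ugo+x /usr/lib/testssl/testssl.sh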
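# Release stage: runtime image holding the tools prepared in the build stage.
# NOTE(review): "current" is a floating tag; pin a specific version (ideally by
# digest) so the runtime base does not change silently between builds.
FROM node:current-bullseye-slim AS release
COPY --from=build /usr/lib/nikto/ /usr/lib/nikto/
COPY --from=build /usr/lib/sonar-scanner/ /usr/lib/sonar-scanner/
COPY --from=build /usr/lib/testssl/ /usr/lib/testssl/

# Expose the tool entry points on the default PATH
RUN ln -s /usr/lib/nikto/nikto.pl /usr/local/bin/nikto.pl && \
    ln -s /usr/lib/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner && \
    ln -s /usr/lib/testssl/testssl.sh /usr/local/bin/testssl.sh

# Install necessary binaries
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
      bsdmainutils \
      curl \
      dnsutils \
      git \
      jq \
      libnet-ssleay-perl \
      procps \
      python3 \
      python3-venv \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Update node package manager and typescript package
# Update packages
# NOTE(review): "@latest" plus "npm update --global" pulls whatever the registry
# serves at build time, so two builds of this file can ship different code;
# pin exact versions for a reproducible, reviewable image.
RUN npm install --global npm@latest typescript@latest @cyclonedx/bom@latest && \
    npm update --global && \
    npm cache clean --force

ENV PATH="/opt/venv/bin:$PATH"
ENV SONAR_RUNNER_HOME=/usr/lib/sonar-scanner SONAR_USER_HOME=/tmp
ENV LC_ALL=C.UTF-8
# NOTE(review): ANCHORE_CLI_PASS is stored in the image configuration, where anyone
# who can pull or inspect the image can read it. Treat these values as placeholder
# defaults only and supply the real URL and credentials at run time (for example
# with "docker run -e" or the orchestrator's secret mechanism), never by editing
# this line.
ENV ANCHORE_CLI_URL=http://anchore-engine_api_1:8228/v1 ANCHORE_CLI_USER=admin ANCHORE_CLI_PASS=foobar
ENV NODE_PATH=/usr/local/lib/node_modules

# Unprivileged account the container runs as
RUN groupadd -r tool && \
    useradd --create-home --no-log-init --shell /bin/bash --system --gid tool --groups tool,node tool

# Copy the virtual environment last and set its owner during the copy; a separate
# "chown -R" RUN would store every file of the venv a second time in a new layer.
# NOTE(review): the venv is writable by the runtime user, as before; if packages
# never need to be changed at run time, leaving it root-owned is the tighter choice.
COPY --from=build --chown=tool:tool /opt/venv /opt/venv
USER tool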