This repository has been archived by the owner on Apr 13, 2020. It is now read-only.
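# Base image pinned by tag and digest, so every build starts from the same
# bytes. NOTE(review): the pin also freezes the OS and Ruby patch level; bump
# the tag and the digest together whenever the image is refreshed.
FROM ruby:2.4.4@sha256:99d10d192ac1df0873480b1e0262ff0295a15f1d97e5b7bd111a7bf61a808acc

# MAINTAINER is deprecated; the contact is recorded as a label instead.
LABEL maintainer="[email protected]"

# Build toolchain, Python packages and download tools needed by later steps.
# update, install and list cleanup share one layer so no stale apt index is
# cached or shipped. Packages are sorted, and the duplicate pkg-config entry
# is dropped. Versions are not pinned here, so they follow whatever the base
# image's apt sources serve at build time.
RUN apt-get update && apt-get install -y --no-install-recommends \
        cmake \
        curl \
        g++ \
        gcc \
        git \
        libc6-dev \
        libicu-dev \
        libpython-dev \
        make \
        pkg-config \
        python \
        python-dev \
        python-pip \
        python-setuptools \
        wget \
    && rm -rf /var/lib/apt/lists/*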
# Force a UTF-8 locale for every process in the container: without it
# Brakeman hits encoding errors when it parses non-ASCII characters.
ENV LANG=C.UTF-8 \
    LC_ALL=C.UTF-8
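### JS + NODE
# Node, npm and yarn are each pinned to an exact version so rebuilds install
# the same toolchain. 8.12.0 was picked as the latest LTS when this was written.
ENV NODE_VERSION=8.12.0 \
    NPM_VERSION=6.4.1 \
    YARN_VERSION=1.10.1 \
    NPM_CONFIG_LOGLEVEL=info

# Checksum list downloaded from https://nodejs.org/en/download/ and copied in
# from the build context, so the tarball is compared against a value that does
# not travel with the download itself. It has to be refreshed together with
# NODE_VERSION, otherwise grep finds no matching line.
COPY node_SHASUMS256.txt SHASUMS256.txt

# -f makes curl exit non-zero on an HTTP error instead of saving the error
# page as the tarball. The grep | sha256sum pipeline runs without pipefail, so
# the step's status there is sha256sum's alone.
# npm and yarn come from the npm registry at the pinned versions; unlike the
# Node tarball, no checksum is compared for them in this file.
RUN curl -fSLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
    && grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 \
    && rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt \
    && npm install -g "npm@$NPM_VERSION" \
    && npm install -g "yarn@$YARN_VERSION"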
### GO - required for sift
# Toolchain release, where to fetch it, and the SHA-256 the archive must match.
# The URL sits in a later instruction because it expands $GOLANG_VERSION, and
# an ENV instruction only sees variables set by earlier instructions.
ENV GOLANG_VERSION=1.8.3
ENV GOLANG_DOWNLOAD_URL=https://golang.org/dl/go$GOLANG_VERSION.linux-amd64.tar.gz \
    GOLANG_DOWNLOAD_SHA256=1862f4c3d3907e59b04a757cfda0ea7aa9ef39274af99a784f5be843c80c6772

# Download, verify against the digest pinned above, unpack into /usr/local and
# delete the archive, all in one layer so the tarball never ships in the image.
RUN curl --fail --silent --show-error --location "$GOLANG_DOWNLOAD_URL" --output golang.tar.gz \
    && echo "$GOLANG_DOWNLOAD_SHA256 golang.tar.gz" | sha256sum --check - \
    && tar --directory /usr/local --extract --gzip --file golang.tar.gz \
    && rm golang.tar.gz

# Go workspace; its bin directory and the toolchain go ahead of the
# existing PATH entries.
ENV GOPATH=/go
ENV PATH=$GOPATH/bin:/usr/local/go/bin:$PATH

RUN mkdir -p "$GOPATH/src" "$GOPATH/bin"
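### Salus
# Make the folder for the repo under scan (volumed in at run time).
RUN mkdir -p /home/repo
WORKDIR /home

# Ruby gems. --deployment makes bundler install from Gemfile.lock rather than
# re-resolving versions.
COPY Gemfile Gemfile.lock /home/
RUN bundle install --deployment --without development:test

# Node modules. --frozen-lockfile fails the build when yarn.lock and
# package.json disagree, instead of silently resolving and installing
# versions that were never reviewed.
COPY package.json yarn.lock /home/
RUN yarn install --frozen-lockfile

# Prime the bundler-audit CVE DB.
# NOTE(review): this is a snapshot taken at build time; advisories published
# afterwards are not in the image unless the scanner refreshes the DB at run
# time, so confirm that or rebuild regularly.
RUN bundle exec bundle-audit update

# More powerful grep alternative - https://sift-tool.org/
# Used in PatternSearch scanner.
# NOTE(review): unlike Node and Go above, this fetch carries no version or
# checksum; go get builds whatever the repository and its dependencies hold at
# build time. Consider building from a reviewed, fixed revision.
RUN go get github.com/svent/sift

# Copy salus code last so source edits do not invalidate the dependency layers.
COPY bin /home/bin
COPY lib /home/lib
COPY salus-default.yaml /home/

# Run the salus scan when this docker container is run.
# NOTE(review): there is no USER instruction in this file, so the scanners run
# as the base image's default user (presumably root, confirm) while parsing
# the mounted repository. A dedicated unprivileged user would limit what a
# malicious repository could reach, provided the mount stays accessible to it.
ENTRYPOINT ["bundle", "exec", "./bin/salus", "scan"]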