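# Base layer for the hawkeye scanner image: CentOS 7 plus the compilers,
# language runtimes (Python, Ruby, Java 8) and fetch/unpack tools that the
# later build steps call.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and receives no
# further security updates. The tag is also mutable and not pinned by digest,
# so rebuilds are not reproducible. Moving to a maintained base means
# re-validating every package name below.
FROM centos:7
# MAINTAINER is deprecated (hadolint DL4000); the same contact is kept as a label.
LABEL maintainer="Karl Stoney <[email protected]>"
# Update, install and cache cleanup share one layer so no package cache is
# baked into the image. On CentOS 7 `yum clean all` can leave data behind in
# /var/cache/yum, hence the explicit rm.
# iputils is removed on purpose by the original author; the reason is not
# stated in this file.
# NOTE(review): `yum update` and the unpinned package names mean the installed
# versions depend on the build date.
RUN yum -y -q update && \
    yum -y -q remove iputils && \
    yum -y -q install \
      ca-certificates \
      epel-release \
      gcc \
      gcc-c++ \
      git-core \
      java-1.8.0-openjdk.x86_64 \
      libffi-devel \
      make \
      openssl \
      openssl-devel \
      pcre-devel \
      python-devel \
      redhat-rpm-config \
      ruby \
      rubygems \
      tar \
      unzip \
      wget \
      which \
      zlib-devel && \
    yum -y -q clean all && \
    rm -rf /var/cache/yum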
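# Git-crypt: downloaded as a source tarball, compiled and installed with make.
# The build runs as root, so whatever the tarball's Makefile does runs as root.
ARG GIT_CRYPT_VERSION=0.5.0
# Expected SHA-256 of the tarball. This file records no digest, so the default
# is empty and verification is skipped with a warning. Pass
# --build-arg GIT_CRYPT_SHA256=<sha256 of the release tarball> to enforce it.
ARG GIT_CRYPT_SHA256=
RUN cd /tmp && \
    wget --quiet "https://www.agwa.name/projects/git-crypt/downloads/git-crypt-${GIT_CRYPT_VERSION}.tar.gz" && \
    if [ -n "${GIT_CRYPT_SHA256}" ]; then \
      echo "${GIT_CRYPT_SHA256}  git-crypt-${GIT_CRYPT_VERSION}.tar.gz" | sha256sum -c - ; \
    else \
      echo "WARNING: git-crypt tarball not verified (GIT_CRYPT_SHA256 unset)" >&2 ; \
    fi && \
    tar xzf "git-crypt-${GIT_CRYPT_VERSION}.tar.gz" && \
    cd "git-crypt-${GIT_CRYPT_VERSION}" && \
    make && \
    make install && \
    rm -rf /tmp/git-crypt*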
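# Node.js and npm versions used to run hawkeye. Declared as ENV, so they are
# also present in the environment of the running container.
# NOTE(review): Node.js 8 went end-of-life at the end of 2019; both versions
# pinned here predate years of security fixes.
ENV NODE_VERSION=8.9.1 \
    NPM_VERSION=5.5.1
# Get nodejs repos
# The NodeSource setup script is piped straight into a root shell and nothing
# here checks its content, so the build trusts whatever that URL serves at
# build time. --fail plus pipefail at least make a failed download fail the
# build; without them only bash's exit status counted.
# (/bin/sh on CentOS is bash, so `set -o pipefail` is available.)
RUN set -o pipefail && \
    curl --fail --silent --show-error --location https://rpm.nodesource.com/setup_8.x | bash -
RUN yum -y install "nodejs-${NODE_VERSION}" && \
    yum -y clean all && \
    rm -rf /var/cache/yum
# Replace the npm bundled with the nodejs package by the pinned release,
# unpacked from the GitHub tag archive. The archive is not checksum-verified.
RUN set -o pipefail && \
    rm -rf /usr/lib/node_modules/npm && \
    mkdir /usr/lib/node_modules/npm && \
    curl -fsSL "https://github.com/npm/npm/archive/v${NPM_VERSION}.tar.gz" | \
      tar xz -C /usr/lib/node_modules/npm --strip-components=1
# Smoke test: the build fails here if either binary is missing or broken.
RUN node --version && \
    npm --version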
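# If we ever change the hawkeye version, redo everything below.
# HE_VERSION is a cache-busting build argument: every RUN after an ARG sees it
# as an environment variable, so passing a new --build-arg HE_VERSION=...
# invalidates the cache for all following layers. Build args show up in
# `docker history`, so it must never carry a secret.
ARG HE_VERSION=
# If we have changed the hawkeye version, do an update.
# NOTE(review): this picks up whatever packages the repos serve on the build
# date; it is not a substitute for moving to a maintained base image.
RUN yum -y -q update && \
    yum -y -q clean all && \
    rm -rf /var/cache/yum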
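# Install python-pip
# Download, run and delete the bootstrap script in a single layer so it is not
# left in the image. --fail stops the build on an HTTP error; otherwise curl
# would save the error page as get-pip.py.
# NOTE(review): the script is executed as root without a checksum, and the
# unversioned get-pip.py tracks the newest pip. The base image's system Python
# is presumably 2.7, which current pip no longer supports. Confirm whether the
# Python-2-specific bootstrap script is needed here.
RUN curl -fsSL "https://bootstrap.pypa.io/get-pip.py" -o /tmp/get-pip.py && \
    python /tmp/get-pip.py && \
    rm -f /tmp/get-pip.py
# Add bundler-audit
# NOTE(review): both gems are installed unpinned, so the scanner versions in
# the image depend on the build date.
RUN gem install bundler-audit brakeman
# Fetches the advisory database at build time. It is frozen into the image from
# then on, so an old image checks against old advisories unless the database is
# refreshed before a scan.
RUN bundle-audit update
# Add safety, piprot, bandit
# Versions are pinned; --no-cache-dir keeps pip's download cache out of the layer.
RUN pip install --no-cache-dir safety==1.6.1 piprot==0.9.8 bandit==1.4.0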
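# Add FindSecBugs
# Unpacks the CLI release zip into /usr/local/bin/findsecbugs and renames the
# launcher so it can be invoked as `findsecbugs`.
ARG FINDSECBUGS_VERSION=1.4.6
# Expected SHA-256 of the release zip. This file records no digest, so the
# default is empty and verification is skipped with a warning. Pass
# --build-arg FINDSECBUGS_SHA256=<sha256 of the release zip> to enforce it.
ARG FINDSECBUGS_SHA256=
RUN mkdir /usr/local/bin/findsecbugs && \
    cd /usr/local/bin/findsecbugs && \
    wget --quiet "https://github.com/find-sec-bugs/find-sec-bugs/releases/download/version-${FINDSECBUGS_VERSION}/findsecbugs-cli-${FINDSECBUGS_VERSION}.zip" && \
    if [ -n "${FINDSECBUGS_SHA256}" ]; then \
      echo "${FINDSECBUGS_SHA256}  findsecbugs-cli-${FINDSECBUGS_VERSION}.zip" | sha256sum -c - ; \
    else \
      echo "WARNING: findsecbugs zip not verified (FINDSECBUGS_SHA256 unset)" >&2 ; \
    fi && \
    unzip -q "findsecbugs-cli-${FINDSECBUGS_VERSION}.zip" && \
    chmod +x /usr/local/bin/findsecbugs/findsecbugs.sh && \
    rm "findsecbugs-cli-${FINDSECBUGS_VERSION}.zip" && \
    mv findsecbugs.sh findsecbugs
ENV PATH=/usr/local/bin/findsecbugs:$PATH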
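# Add OWASP Dependency Check
# Unpacks the release zip into OWASP_DEP_FOLDER and renames the launcher so it
# can be invoked as `dependency-check`.
ARG OWASP_DEP_FOLDER=/usr/local/bin/owaspdependency
ARG OWASP_DEP_VERSION=3.0.2
# Expected SHA-256 of the release zip. This file records no digest, so the
# default is empty and verification is skipped with a warning. Pass
# --build-arg OWASP_DEP_SHA256=<sha256 of the release zip> to enforce it.
ARG OWASP_DEP_SHA256=
# The download was plain http://, which lets anyone on the network path swap
# the archive for another one that is then unpacked and later executed. It is
# now fetched over https.
# NOTE(review): Bintray was retired by JFrog in 2021, so this URL presumably no
# longer resolves. Replace it with the project's current release location and
# record its digest.
RUN mkdir "$OWASP_DEP_FOLDER" && cd "$OWASP_DEP_FOLDER" && \
    wget --quiet "https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_VERSION}-release.zip" && \
    if [ -n "${OWASP_DEP_SHA256}" ]; then \
      echo "${OWASP_DEP_SHA256}  dependency-check-${OWASP_DEP_VERSION}-release.zip" | sha256sum -c - ; \
    else \
      echo "WARNING: dependency-check zip not verified (OWASP_DEP_SHA256 unset)" >&2 ; \
    fi && \
    unzip -q "dependency-check-${OWASP_DEP_VERSION}-release.zip" && \
    chmod +x "$OWASP_DEP_FOLDER/dependency-check/bin/dependency-check.sh" && \
    rm "dependency-check-${OWASP_DEP_VERSION}-release.zip" && \
    mv dependency-check/bin/dependency-check.sh dependency-check/bin/dependency-check
# The ARG is expanded at build time, so the literal path is stored in PATH.
ENV PATH=$OWASP_DEP_FOLDER/dependency-check/bin:$PATH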
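# Install hawkeye
# WORKDIR creates /hawkeye and replaces the earlier `mkdir -p` + `RUN cd`.
WORKDIR /hawkeye
# Copy the manifest first so the dependency layer stays cached until
# package.json changes.
# NOTE(review): no lockfile is copied, so `npm install` resolves whatever
# versions match the ranges in package.json on the build date. `npm ci` is not
# an option with the npm 5.5.1 pinned earlier in this file.
COPY package.json ./
RUN npm install --production --quiet
# NOTE(review): this copies the whole build context. No .dockerignore is
# visible here; without one, .git, local env files and a host node_modules
# directory would end up in the image. Confirm the context is filtered.
COPY ./ /hawkeye
# Directory the scanner inspects by default (see CMD below).
WORKDIR /target
ENV PATH=/hawkeye/bin:$PATH
# NOTE(review): no USER instruction is set, so hawkeye and every tool it
# launches run as root on whatever is placed at /target. Dropping to an
# unprivileged user would change file-permission behaviour on that directory,
# so it is flagged here, not changed.
# Exec form: hawkeye runs as PID 1 and receives signals directly. CMD supplies
# default arguments that `docker run <image> <args>` overrides.
ENTRYPOINT ["hawkeye"]
CMD ["scan", "/target"]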