#!/bin/bash
# scan.sh - scan a Docker image with Aqua microscanner by building a throwaway
# image on top of it and running the scanner inside the build.
#
# Usage: MICROSCANNER_TOKEN=<token> ./scan.sh DOCKER_IMAGE
# Env:   MICROSCANNER_TOKEN   (required) microscanner token
#        MICROSCANNER_OPTIONS (optional) extra flags passed to microscanner
#        USE_LOCAL=1          (optional) use a microscanner binary found on PATH
set -euo pipefail

# Normalise the optional env vars to "set, possibly empty" so set -u is happy.
: "${MICROSCANNER_TOKEN:=}"
: "${MICROSCANNER_OPTIONS:=}"
DOCKER_IMAGE=${1:-}

# Random 32-character lowercase alphanumeric name for the throwaway image.
# The trailing `|| true` is presumably there so pipefail does not trip on the
# SIGPIPE tr/fold receive once head has its line.
TEMP_IMAGE_TAG=$(
  LC_CTYPE=C tr -dc 'a-zA-Z0-9' </dev/urandom \
    | tr '[:upper:]' '[:lower:]' \
    | fold -w 32 \
    | head -n 1 \
    || true
)
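#######################################
# Build a throwaway image on top of DOCKER_IMAGE whose build runs microscanner;
# the scan result is whatever `docker build` prints.
# Globals:   MICROSCANNER_TOKEN, MICROSCANNER_OPTIONS, DOCKER_IMAGE,
#            TEMP_IMAGE_TAG, USE_LOCAL (read); TEMP_DIR (written, removed by
#            the cleanup trap)
# Arguments: none (DOCKER_IMAGE is taken from $1 at script level)
# Outputs:   the docker build log; with USE_LOCAL=1 also the local scanner's
#            version line
# Returns:   exits 1 with usage when the token or image is missing; otherwise
#            the docker build status via set -e
#######################################
main() {
  local MICROSCANNER_BINARY MICROSCANNER_SOURCE

  if [[ -z ${MICROSCANNER_TOKEN} ]]; then
    print_usage
    exit 1
  fi
  if [[ -z ${DOCKER_IMAGE} ]]; then
    print_usage
    exit 1
  fi

  # Create the build context before arming the trap: if mktemp fails there is
  # nothing to clean up yet, and cleanup must not see TEMP_DIR unset under set -u.
  TEMP_DIR=$(mktemp -d)
  trap cleanup EXIT
  cd "${TEMP_DIR}"

  # Default: the Dockerfile's ADD fetches the scanner over HTTPS.
  MICROSCANNER_SOURCE="https://get.aquasec.com/microscanner"
  if [[ "${USE_LOCAL:-0}" == 1 ]] \
    && MICROSCANNER_BINARY=$(
      # Drop any shell function or alias so command -v reports a real file.
      { unset -f microscanner; unalias microscanner; } &>/dev/null
      command -v microscanner 2>/dev/null
    ); then
    printf "Using local "
    microscanner --version
    # Copy into the build context so ADD can reference it by relative name.
    cp "${MICROSCANNER_BINARY}" ./microscanner
    MICROSCANNER_SOURCE="microscanner"
    echo
  fi

  # The Dockerfile is streamed on stdin (-f -); the temp dir is the context.
  {
    cat <<EOL
FROM ${DOCKER_IMAGE}
USER root
EOL
    # Quoted delimiter: this section is literal Dockerfile text, no shell
    # expansion happens here.
    cat <<'EOL'
RUN if [ ! -d /etc/ssl/certs/ ] || { [ ! -f /etc/ssl/certs/ca-certificates.crt ] && [ ! -f /etc/ssl/certs/ca-bundle.crt ]; }; then \
PACKAGE_MANAGER=$(basename \
$({ command -v apk apt yum false 2>/dev/null || which apk apt yum false; } \
| head -n1)); \
if [ "${PACKAGE_MANAGER}" = "apk" ]; then \
apk --update add ca-certificates; \
elif [ "${PACKAGE_MANAGER}" = "apt" ]; then \
apt update \
&& apt install --no-install-recommends -y ca-certificates \
&& update-ca-certificates; \
elif [ "${PACKAGE_MANAGER}" = "yum" ]; then \
yum install -y ca-certificates; \
else \
echo 'ca-certificates not found and package manager not apk, apt, or yum. Aborting' >&2; \
exit 1; \
fi; \
fi;
EOL
    # NOTE(review): the token is interpolated into the RUN command line, so it
    # appears in the build output and in the image's layer history until
    # cleanup removes the image. A BuildKit secret mount would keep it out of
    # both; left as-is to stay compatible with the classic builder.
    # MICROSCANNER_OPTIONS is deliberately unquoted: the Dockerfile's shell
    # splits it into separate flags.
    cat <<EOL
ADD ${MICROSCANNER_SOURCE} /tmp/microscanner
RUN [ -x /tmp/microscanner ] || chmod +x /tmp/microscanner \
&& sync \
&& /tmp/microscanner --version \
&& /tmp/microscanner ${MICROSCANNER_OPTIONS} ${MICROSCANNER_TOKEN}
EOL
  } | docker build --force-rm -t "${TEMP_IMAGE_TAG}" -f - .
}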
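#######################################
# Print the one-line usage text. It is only ever shown on an argument error,
# so it goes to stderr and does not pollute stdout for whoever consumes the
# scan output.
# Outputs:   usage line on stderr
#######################################
print_usage() {
  printf '%s\n' "Usage: MICROSCANNER_TOKEN=xxxxxxxxxxxxxxxx ./scan.sh DOCKER_IMAGE" >&2
}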
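#######################################
# EXIT trap: remove the throwaway image (if the build got that far) and the
# temporary build context. Best-effort: failures here never mask the exit
# status of the scan itself.
# Globals:   TEMP_IMAGE_TAG, TEMP_DIR (read)
# Returns:   always 0
#######################################
cleanup() {
  if docker inspect --type=image "${TEMP_IMAGE_TAG}" &>/dev/null; then
    docker image rm --force "${TEMP_IMAGE_TAG}" || true
  fi
  # TEMP_DIR is unset if the script died before mktemp ran (a fatal "unbound
  # variable" under set -u), and only a directory we created should be removed.
  if [[ -n "${TEMP_DIR:-}" && -d "${TEMP_DIR}" ]]; then
    rm -rf -- "${TEMP_DIR}" || true
  fi
}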
# Entry point; main reads DOCKER_IMAGE from the script-level variable, so the
# positional parameters are forwarded only for consistency.
main "$@"