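# Builds an image that ships grype together with a vulnerability database
# generated at image build time by grype-db (invoked below with `-p alpine`).
#
# NOTE(review): the base image is referenced by tag only. Pin it by digest
# (debian:bullseye-slim@sha256:<digest>) if builds need to be reproducible.
FROM debian:bullseye-slim

# Label the image with metadata
LABEL maintainer="Jay Schmidt <[email protected]>"
LABEL description="Build a grype image with a custom DB"

# Fail a RUN step when any command in a pipeline fails. With the default
# /bin/sh, a failed `curl ... | sh` reports only the exit status of `sh`, so a
# download error would leave the build green with nothing installed.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Install necessary packages in one layer, and drop the apt lists in that same
# layer so they do not persist in the image.
RUN apt-get update && \
    apt-get install -y \
        curl \
        bash \
        jq \
        python3-pip && \
    rm -rf /var/lib/apt/lists/*

# Optional release tag for grype (for example --build-arg GRYPE_VERSION=<tag>).
# Left empty, the installer picks the release itself, as before.
ARG GRYPE_VERSION=""

# Install grype using the official installation script.
# NOTE(review): the script is fetched from the moving `main` branch and run as
# root during the build with no checksum verification, so its content can
# change between builds. Prefer a pinned release plus a verified checksum.
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin ${GRYPE_VERSION:+"$GRYPE_VERSION"}

# Install grype-db using the official installation script.
# NOTE(review): same concern as the grype installer above (unpinned script from
# `main`, executed as root, no checksum). Pin this to a release as well.
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b /usr/local/bin

# Optional version pin for Vunnel (for example --build-arg VUNNEL_VERSION=<version>).
# Left empty, pip resolves the newest compatible release, as before.
ARG VUNNEL_VERSION=""

# Install Vunnel using pip; --no-cache-dir keeps pip's download cache out of the layer.
RUN pip install --no-cache-dir "vunnel${VUNNEL_VERSION:+==${VUNNEL_VERSION}}"

# Set up the environment for grype by creating necessary directories.
# NOTE(review): WORKDIR has not been set at this point, so this relative path
# resolves against the base image's working directory (creating /grype/db, not
# /root/grype/db). Confirm which location grype.yaml / grype-db.yaml expect.
RUN mkdir -p ./grype/db

# Copy the grype and grype-db configuration files from the host to the image
# and rename them to start with a dot, making them hidden files
COPY grype.yaml /root/.grype.yaml
COPY grype-db.yaml /root/.grype-db.yaml

# Run the remaining steps from /root so relative paths resolve there
WORKDIR /root

# Run the grype-db commands to set up the database with verbose logging
# and import the generated database archive (the wildcard '*' handles changing filenames)
RUN grype-db -vv -g -p alpine && \
    grype-db -vv -g -p alpine build && \
    grype db import ./build/*.tar.gz

# NOTE(review): there is no USER instruction, so the container runs grype as
# root. Switching to an unprivileged user would also require moving the config
# files and the imported database out of /root.

# Set the entry point to grype so that the container runs grype by default
ENTRYPOINT ["grype"]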