Update Dockerfile

Signed-off-by: Marcin Kozlowski <[email protected]>
tcosolutions · Jul 3, 2024 · 87f7971 · 87f7971
1 parent 4016eef
commit 87f7971
Showing 1 changed file with 72 additions and 68 deletions.
diff --git a/docker/docker/worker/Dockerfile b/docker/docker/worker/Dockerfile
@@ -1,73 +1,77 @@
 ARG DEBIAN_FRONTEND=noninteractive
 FROM python:3.8
-RUN ssh-keyscan github.com > /etc/ssh/known_hosts
-RUN sed /^StrictHostKeyChecking/d /etc/ssh/ssh_config; \
-  echo StrictHostKeyChecking no >> /etc/ssh/ssh_config
-RUN ln -snf /usr/share/zoneinfo/$CONTAINER_TIMEZONE /etc/localtime && echo $CONTAINER_TIMEZONE > /etc/timezone
-RUN apt update && apt install -y libcurl4-nss-dev libssl-dev tree git sudo ssh rubygems python3-pip npm php default-jdk pipenv rsync jo libpq-dev curl
-WORKDIR /
-RUN mkdir -p /srv
-RUN --mount=type=ssh git clone [email protected]:topcodersonline-solutions/betterscan-ce /srv/betterscan
-WORKDIR /srv/betterscan
-WORKDIR /srv/betterscan
-RUN pip install pipenv
-RUN python3 -m pipenv install --system
-WORKDIR /
-RUN --mount=type=ssh git clone -b checkmate3 [email protected]:topcodersonline-solutions/checkmate-ce /checkmate
-WORKDIR /checkmate
-RUN python3 setup.py install
-WORKDIR /
-WORKDIR /
-RUN python3 -m pip install psycopg2 --upgrade
-RUN ln -s /srv/betterscan/quantifiedcode/settings/default.yml /srv/betterscan/settings.yml
-WORKDIR /root
-RUN apt install -y wget
-RUN wget https://golang.org/dl/go1.22.4.linux-amd64.tar.gz
-RUN sudo tar -C /usr/local -xzf go1.22.4.linux-amd64.tar.gz
-RUN mkdir /root/bin
-RUN gem install brakeman
-RUN python3 -m pip install bandit
-RUN python3 -m pip install semgrep
+
+# Set environment variables for timezone and non-interactive installs
+ENV CONTAINER_TIMEZONE=UTC
+ENV TZ=${CONTAINER_TIMEZONE}
+
+# Install basic dependencies in one RUN command
+RUN apt-get update && apt-get install -y \
+    libcurl4-nss-dev libssl-dev tree git sudo ssh rubygems \
+    python3-pip npm php default-jdk pipenv rsync jo libpq-dev curl \
+    wget unzip && \
+    ln -snf /usr/share/zoneinfo/$CONTAINER_TIMEZONE /etc/localtime && \
+    echo $CONTAINER_TIMEZONE > /etc/timezone && \
+    ssh-keyscan github.com >> /etc/ssh/ssh_known_hosts && \
+    echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
+
+# Set up Go environment
+RUN wget https://golang.org/dl/go1.22.4.linux-amd64.tar.gz && \
+    sudo tar -C /usr/local -xzf go1.22.4.linux-amd64.tar.gz && \
+    mkdir /root/bin && \
+    rm go1.22.4.linux-amd64.tar.gz
+
+# Install Ruby gem and Python packages
+RUN gem install brakeman && \
+    python3 -m pip install pipenv bandit semgrep psycopg2 markupsafe==2.0.1 \
+    email_validator testresources checkov yara-scanner sqlalchemy===1.4.46
+
+# Install Node.js package
 RUN npm install -g jshint
-WORKDIR /root
-RUN --mount=type=ssh git clone [email protected]:topcodersonline-solutions/trufflehog3-oss.git
-RUN cd trufflehog3-oss && python3 setup.py install
-RUN python3 -m pip install markupsafe==2.0.1
+
+# Clone repositories and set up projects
+RUN mkdir -p /srv /root && \
+    --mount=type=ssh git clone [email protected]:topcodersonline-solutions/betterscan-ce /srv/betterscan && \
+    cd /srv/betterscan && \
+    pipenv install --system && \
+    ln -s /srv/betterscan/quantifiedcode/settings/default.yml /srv/betterscan/settings.yml && \
+    --mount=type=ssh git clone -b checkmate3 [email protected]:topcodersonline-solutions/checkmate-ce /checkmate && \
+    cd /checkmate && \
+    python3 setup.py install && \
+    --mount=type=ssh git clone [email protected]:topcodersonline-solutions/trufflehog3-oss.git /root/trufflehog3-oss && \
+    cd /root/trufflehog3-oss && \
+    python3 setup.py install && \
+    --mount=type=ssh git clone [email protected]:topcodersonline-solutions/graudit-ce /root/graudit && \
+    --mount=type=ssh git clone [email protected]:topcodersonline-solutions/text4shell-ce /root/text4shell-ce && \
+    --mount=type=ssh git clone [email protected]:topcodersonline-solutions/ptpt /root/ptpt && \
+    cd /root/ptpt && \
+    /usr/local/go/bin/go build && \
+    cp /root/ptpt/ptpt /root/bin/ptpt
+
+# Set up additional tools
+RUN wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.41.0/pmd-bin-6.41.0.zip && \
+    unzip pmd-bin-6.41.0.zip && \
+    rm pmd-bin-6.41.0.zip && \
+    mkdir /root/phpscan/ && \
+    cp /srv/betterscan/analyzers/progpilot.phar /root/phpscan/ && \
+    cp /srv/betterscan/analyzers/find_unicode_control2.py /usr/local/bin/ && \
+    cp -pr /srv/betterscan/analyzers/custom-semgrep /root && \
+    cp /srv/betterscan/analyzers/*.yml /root/ && \
+    mkdir -p /usr/lib/python3/site-packages/checkmate3-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js && \
+    cp /srv/betterscan/analyzers/json_reporter.js /usr/lib/python3/site-packages/checkmate3-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js/ && \
+    mkdir /root/yara && \
+    cp -pr /srv/betterscan/analyzers/yara/* /root/yara && \
+    /usr/local/go/bin/go install honnef.co/go/tools/cmd/staticcheck@latest && \
+    cp /root/go/bin/staticcheck /root/bin/staticcheck && \
+    curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash && \
+    curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | bash
+
+# Final working directory
 WORKDIR /srv/betterscan
+
+# Display tree structure of /srv/betterscan
 RUN tree
-WORKDIR /root
-RUN wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.41.0/pmd-bin-6.41.0.zip
-RUN unzip pmd-bin-6.41.0.zip
-RUN mkdir /root/phpscan/
-RUN cp /srv/betterscan/analyzers/progpilot.phar /root/phpscan/
-RUN cp /srv/betterscan/analyzers/find_unicode_control2.py /usr/local/bin/
-RUN cp -pr /srv/betterscan/analyzers/custom-semgrep /root
-RUN cp /srv/betterscan/analyzers/*.yml /root/
-#RUN cp /srv/betterscan/sshfeature/ssh /usr/lib/python3/site-packages/checkmate3-0.2.0-py3.8.egg/checkmate/contrib/plugins/git/lib
-RUN mkdir -p /usr/lib/python3/site-packages/checkmate3-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js
-RUN cp /srv/betterscan/analyzers/json_reporter.js /usr/lib/python3/site-packages/checkmate3-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js/
-RUN python3 -m pip install email_validator
-#RUN pip3 install celery==4.4.6
-RUN python3 -m pip install testresources
-RUN python3 -m pip install checkov
-RUN curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
-#RUN wget https://github.com/insidersec/insider/releases/download/3.0.0/insider_3.0.0_linux_x86_64.tar.gz
-#RUN tar -xzf insider_3.0.0_linux_x86_64.tar.gz
-WORKDIR /root
-RUN --mount=type=ssh git clone [email protected]:topcodersonline-solutions/graudit-ce graudit
-RUN --mount=type=ssh git clone [email protected]:topcodersonline-solutions/text4shell-ce text4shell-ce
-RUN python3 -m pip install yara-scanner
-RUN mkdir /root/yara
-RUN cp -pr /srv/betterscan/analyzers/yara/* /root/yara
-#ADD https://nixos.org/nix/install /tmp
-#RUN bash -c "bash /tmp/install --daemon"
-#RUN bash -c "/root/.nix-profile/bin/nix-env -if https://github.com/fluidattacks/makes/archive/24.01.tar.gz"
-#RUN bash -c "/root/.nix-profile/bin/m gitlab:fluidattacks/universe@trunk /skims"
-RUN /usr/local/go/bin/go install honnef.co/go/tools/cmd/staticcheck@latest
-RUN cp /root/go/bin/staticcheck /root/bin/staticcheck
-RUN python3 -m pip install sqlalchemy===1.4.46
-RUN --mount=type=ssh git clone [email protected]:topcodersonline-solutions/ptpt.git ptpt
-WORKDIR /root/ptpt
-RUN /usr/local/go/bin/go build
-RUN cp /root/ptpt/ptpt /root/bin/ptpt
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
+
+# Clean up
+RUN apt-get clean && \
+    rm -rf /var/lib/apt/lists/*