dockerfile-add-scanner

command module
v0.0.0-...-4c7de5e Latest
Warning

This package is not in the latest version of its module.
Published: Feb 6, 2024 License: Apache-2.0 Imports: 2 Imported by: 0

README

Dockerfile ADD Scanner

This is a simple tool that scans Dockerfiles for ADD commands and reports all remote URLs from which data is being downloaded. This is useful for security auditing purposes.

It understands the git syntax, and is capable of interpolating variables inside the ADD command.

Simple example:

$ go run -tags dfaddgit . scan ../../pkg/acrn/Dockerfile ../../pkg/grub/Dockerfile
git://github.com/ulfalizer/Kconfiglib.git#v12.14.1
https://github.com/projectacrn/acrn-hypervisor/archive/v1.3.tar.gz
https://git.savannah.gnu.org/cgit/grub.git/snapshot/grub-2.06.tar.gz
git://git.sv.gnu.org/gnulib#d271f868a8df9bbec29049d01e056481b7a1a263

Build the tool, or run it with go run, using the dfaddgit tag, i.e. go build -tags dfaddgit or go run -tags dfaddgit.
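
How a scan of this kind works, as an added sketch that is not the project's own code: it uses only the Go standard library, expands variables from earlier ARG/ENV lines, and reports ADD sources that look remote. The name scanADD, the list of remote prefixes, and the sample Dockerfile with its example.com URLs are assumptions constructed for illustration; only single-line, shell-form instructions and key=value ARG/ENV pairs are handled.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

// Source prefixes treated as remote in this sketch (an assumption, not the tool's list).
var remote = regexp.MustCompile(`^(https?://|git://|git@)`)

// Constructed sample input; the example.com URLs are placeholders.
const sample = `FROM alpine:3.19
ARG VERSION=1.2.3
ENV REPO=git://example.com/demo/lib.git
ADD https://example.com/releases/tool-${VERSION}.tar.gz /src/tool.tar.gz
ADD --keep-git-dir=true ${REPO}#v$VERSION /src/lib
ADD local/config.txt /etc/config.txt
`

// scanADD (hypothetical helper) returns remote ADD sources with $VAR and ${VAR} expanded.
func scanADD(dockerfile string) []string {
	vars := map[string]string{}
	lookup := func(name string) string { return vars[name] } // undefined names expand to ""
	var urls []string
	for _, line := range strings.Split(dockerfile, "\n") {
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		switch args := fields[1:]; strings.ToUpper(fields[0]) {
		case "ARG", "ENV":
			for _, kv := range args {
				if k, v, ok := strings.Cut(kv, "="); ok {
					vars[k] = os.Expand(v, lookup) // values may reference earlier variables
				}
			}
		case "ADD":
			for _, src := range args[:len(args)-1] { // last argument is the destination
				if src = os.Expand(src, lookup); remote.MatchString(src) {
					urls = append(urls, src) // flags and local paths never match
				}
			}
		}
	}
	return urls
}
func main() { fmt.Println(strings.Join(scanADD(sample), "\n")) }
```

Reporting the expanded source rather than the raw instruction is what makes the output auditable: the reviewer sees the exact URL and git ref that the build would fetch.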

Building

A Makefile is provided to build the tool. Just run:

make build

and it will deposit the built file in the bin/ directory as bin/dockerfile-add-scanner.

You can change the target outfile with make build OUTFILE=/tmp/foo, or just the output directory while keeping the filename with make build OUTDIR=/tmp.

Note that the directory bin/ is already in the .gitignore file.

Documentation

Overview

Package main runs the scanner

Directories

Path Synopsis
Package cli provides CLI commands, subcommands and flags
