forked from aquasecurity/cloudsploit
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
38 lines (30 loc) · 1.26 KB
/
Dockerfile
File metadata and controls
38 lines (30 loc) · 1.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
FROM node:lts-alpine3.12
# Define a build argment that can be supplied when building the container
# You can then do the following:
#
# docker build --build-arg PACKAGENAME=@myscope/cloudsploit
#
# This allows a fork to build their own container from this common Dockerfile.
# You could also use this to specify a particular version number.
ARG PACKAGENAME=cloudsploit
# Create a non-root user and group
RUN addgroup -S cloudsploit && adduser -S cloudsploit -G cloudsploit
COPY . /var/scan/cloudsploit/
# Set the working directory to /var/scan
WORKDIR /var/scan
# Install cloudsploit/scan into the container using npm from NPM
RUN npm init --yes \
&& npm install ${PACKAGENAME} \
&& npm link /var/scan/cloudsploit \
&& chown -R cloudsploit:cloudsploit /var/scan
# Setup the container's path so that you can run cloudsploit directly
# in case someone wants to customize it when running the container.
ENV PATH "$PATH:/var/scan/node_modules/.bin"
# Switch to non-root user
USER cloudsploit
# By default, run the scan. CMD allows consumers of the container to supply
# command line arguments to the run command to control how this executes.
# Thus, you can use the parameters that you would normally give to index.js
# when running in a container.
ENTRYPOINT ["cloudsploitscan"]
CMD []