chore(): Enhances the capabilities of Tricks
- Adds a quick-scan capability for scanning an image without pushing it
- Automates pulling the latest ORAS version
parent
fda6eaa868
commit
9d81a323d0
3 changed files with 23 additions and 3 deletions
|
@ -1,11 +1,10 @@
|
||||||
FROM python:alpine
|
FROM python:alpine
|
||||||
MAINTAINER Elia El Lazkani <git@lazkani.io>
|
MAINTAINER Elia El Lazkani <git@lazkani.io>
|
||||||
|
|
||||||
ARG ORAS_VERSION="1.0.0"
|
|
||||||
|
|
||||||
COPY scripts/* /usr/local/bin/
|
COPY scripts/* /usr/local/bin/
|
||||||
|
|
||||||
RUN apk add --virtual .build-deps curl && \
|
RUN apk add --virtual .build-deps curl && \
|
||||||
|
export ORAS_VERSION=$(wget -qO - "https://api.github.com/repos/oras-project/oras/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
|
||||||
curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \
|
curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \
|
||||||
mkdir -p oras-install/ && \
|
mkdir -p oras-install/ && \
|
||||||
tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \
|
tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \
|
||||||
|
|
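Review bot: The new `export ORAS_VERSION=$(wget -qO - ".../releases/latest" ...)` line makes the image install whatever ORAS release is newest at build time, and the tarball is then unpacked with no integrity check, so two builds of the same commit can ship different binaries and nothing detects a tampered download. For an image that exists to run security scans I would keep an explicit pin (the removed `ARG ORAS_VERSION`, bumped by automation) and verify the archive before `tar`, for example `echo "${ORAS_SHA256}  oras_${ORAS_VERSION}_linux_amd64.tar.gz" | sha256sum -c -`, where `ORAS_SHA256` is a build argument I am proposing, not one that exists in the file. If the lookup stays, note that `export` succeeds even when the pipeline yields nothing (for example a rate-limited API response), so a guard such as `[ -n "${ORAS_VERSION}" ]` and `curl -fLO` would make the build fail at the real cause. The `RUN` instruction continues past the end of the hunk.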
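--- a/scripts/quick-scan
+++ b/scripts/quick-scan
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+import sys
+from args import argument_parse
+from trivy import Trivy
+
+def main():
+
+args = argument_parse()
+
+trivy = Trivy(args.image, args.tag)
+scan = trivy.full_scan(image_src="remote", generate_report=False)
+if not scan:
+sys.exit(1)
+print("Full scan successful...")
+
+
+if __name__ == '__main__':
+main()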
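Review bot: The exit status of this script rests entirely on `if not scan:`, and nothing on this page shows what `Trivy.full_scan()` hands back through `self.error()` and `self.success()`. If `error()` returns anything truthy (a non-empty tuple or dict, for instance), the script prints its success message and exits 0 after a failed scan, which is a fail-open gate in a pipeline. I would state the contract at the call site, e.g. `# full_scan() must return a falsy value on failure; anything else is treated as a pass`, and add a module docstring saying that the quick scan checks the remote image and skips the report step. The message `"Full scan successful..."` is also printed for a run that skipped report generation; `"Quick scan successful..."` would describe the outcome more accurately.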
@ -57,7 +57,7 @@ class Trivy:
|
||||||
return self.error()
|
return self.error()
|
||||||
return self.success()
|
return self.success()
|
||||||
|
|
||||||
def full_scan(self, image_src: str = None):
|
def full_scan(self, image_src: str = None, generate_report: bool = True):
|
||||||
severity_check, sc_return_code = self.scan_critical_severity(image_src=image_src)
|
severity_check, sc_return_code = self.scan_critical_severity(image_src=image_src)
|
||||||
full_report, _ = self.full_report(image_src=image_src)
|
full_report, _ = self.full_report(image_src=image_src)
|
||||||
|
|
||||||
|
@ -69,6 +69,9 @@ class Trivy:
|
||||||
return self.error()
|
return self.error()
|
||||||
print("Passed security check scan...")
|
print("Passed security check scan...")
|
||||||
|
|
||||||
|
if not generate_report:
|
||||||
|
return self.success()
|
||||||
|
|
||||||
_, _ = self.generate_cdx_report(image_src=image_src)
|
_, _ = self.generate_cdx_report(image_src=image_src)
|
||||||
|
|
||||||
result = self.get_result()
|
result = self.get_result()
|
||||||
|
|
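Review bot: `generate_report=False` skips only `generate_cdx_report()` and `get_result()`; the `self.full_report(image_src=image_src)` call shown in the first hunk still runs before the new early return, and its return code is discarded in `full_report, _ = ...`, so the quick path does the work of a full report and cannot notice if that step failed. If this is intended, `full_scan` should carry a docstring that says so, along the lines of `generate_report: when False, return after the critical-severity check without producing the CDX report`; if it is not, the `if not generate_report:` check belongs before the `full_report` call, provided the lines between the two hunks do not use `full_report` (they are not visible here). The signature could also read `image_src: str | None = None`, since `None` is the default. The body of `full_scan` starts and ends outside both hunks.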