From a481e99ac31df3243441f39d89eca4f9db8e26e5 Mon Sep 17 00:00:00 2001
From: Elia el Lazkani
Date: Mon, 3 Jul 2023 20:41:23 +0200
Subject: [PATCH] chore(): Migrates trivy to remote mode
---
 .drone.yml | 7 +++----
 Dockerfile | 5 ++---
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index a36c641..ac219ce 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -13,9 +13,8 @@ steps:
 password:
 from_secret: registry_password
 repo: scm.project42.io/elia/trivy
- dry_run: true
+ dry_run: false
 squash: true
- purge: false
 compress: true
 tags:
 - pre-scan
@@ -25,8 +24,7 @@ steps:
 image: scm.project42.io/elia/trivy:production
 privileged: true
 commands:
- - /usr/local/bin/dockerd --data-root /var/lib/docker --host=unix:///var/run/docker.sock
- - /usr/local/bin/dockerd-entrypoint.sh /usr/local/bin/trivy image scm.project42.io/elia/trivy:pre-scan
+ - /usr/local/bin/trivy image --image-src remote scm.project42.io/elia/trivy:pre-scan
 failure: ignore
 trigger:
@@ -51,6 +49,7 @@ steps:
 repo: scm.project42.io/elia/trivy
 dry_run: false
 squash: true
+ compress: true
 tags:
 - production
 - "${DRONE_COMMIT_SHA:0:8}"
diff --git a/Dockerfile b/Dockerfile
index d739597..38ac8e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,7 @@
-FROM docker:dind
+FROM alpine
 MAINTAINER Elia El Lazkani
 ARG ORAS_VERSION="1.0.0"
-ENV DOCKER_HOST=unix:///var/run/docker.sock
 RUN apk add --virtual .build-deps curl && \
 export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
@@ -14,4 +13,4 @@ RUN apk add --virtual .build-deps curl && \
 ln -s /opt/trivy/trivy /usr/local/bin/trivy && \
 apk del .build-deps
-ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/usr/local/bin/trivy"]
+ENTRYPOINT ["/usr/local/bin/trivy"]
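Review bot: In the `.drone.yml` hunk at `-25,8 +24,7`, the scan step keeps `privileged: true` even though the change removes the `dockerd` commands that needed it. A remote-mode `trivy image` only pulls layers from the registry, so the line can be dropped or set to `privileged: false`. The step also keeps `failure: ignore`, and trivy exits 0 on findings unless told otherwise, so the scan cannot stop the `production` publish shown in the next hunk; consider `trivy image --exit-code 1 --severity HIGH,CRITICAL --image-src remote …` and removing `failure: ignore` once the baseline is clean. If the repository is private, the step also needs registry credentials (trivy reads `TRIVY_USERNAME` / `TRIVY_PASSWORD`), and none are visible in this hunk.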
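Review bot: The new base `FROM alpine` in the Dockerfile hunk at `-1,8 +1,7` has no tag or digest, so each rebuild of the scanner image can pick up a different base; pin it, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholder values). The context line that resolves `TRIVY_VERSION` from `releases/latest` has the same problem, since the installed scanner is whatever upstream published at build time. No checksum or signature check of the download is visible, though the rest of the `RUN` lies outside the hunk. Prefer a pinned `ARG TRIVY_VERSION` next to `ORAS_VERSION` and verify the tarball against the release's checksums file. `MAINTAINER` is deprecated; `LABEL org.opencontainers.image.authors="…"` replaces it.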
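Review bot: With the entrypoint now `/usr/local/bin/trivy` directly (Dockerfile hunk `-14,4 +13,4`), nothing in the visible lines switches away from root, and the `dockerd` dependency that could justify root is gone. Add a non-root account before the entrypoint, e.g. `RUN adduser -D -u 10001 trivy` followed by `USER trivy`. The lines between the two Dockerfile hunks are not shown, so confirm no `USER` is already set there. Trivy keeps its vulnerability DB cache under the user's home directory, so the account needs a writable home.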