The SourceClear agent is natively packaged for most platforms but isn't supported on some, e.g. the musl-based Alpine. This provides a way to run it on any platform with Docker support.
Build an image containing the agent:
docker build . -t srcclr/agentexport SRCCLR_API_TOKEN=token
./srcclr scan --url https://github.com/srcclr/example-ruby --quickThis scans the given repository within a container and cleans everything up when done.
For accurate results, the agent scans projects by building them and observing the dependencies resolved by their package managers. Full scans therefore require build-time dependencies, such as external programs and system libraries, to be present in the container.
An easy way to accomplish this is to extend the image built earlier with a second Dockerfile:
FROM srcclr/agent
RUN apt-get update -y && apt-get install -y mavendocker build . -f Dockerfile-maven -t srcclr/agent-mavenWith that done, full scans will work.
IMAGE=srcclr/agent-maven ./srcclr scan --url https://github.com/srcclr/example-java-mavenTo speed up builds, it may be useful to mount system-wide cache directories. This may be done using $DOCKER_ARGS:
DOCKER_ARGS="-v $HOME/.m2:/root/.m2" IMAGE=srcclr/agent-maven \
./srcclr scan --url https://github.com/srcclr/example-java-mavenThe srcclr script predefines a few build $TYPEs to simplify this configuration, so all of the above may be done with:
TYPE=maven ./srcclr scan --url https://github.com/srcclr/example-java-maven