#!/bin/bash
# Uses quay.io/sysdig/secure-inline-scan:2
# This is an example script that scans an image from a private registry
# with Sysdig without requiring privileges.
# It creates a temporary docker-config.json auth file for dockerhub registry,
# but can be replaced to use any other registry using Docker credentials.
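# Strict mode: stop on the first failing command (-e), treat unset variables
# as errors (-u) and turn off pathname expansion (-f).
set -euf

# Directory that holds one file per secret (DOCKER_USER, DOCKER_PASS,
# SYSDIG_SECURE_API_TOKEN). Defaults to the current directory.
KEYS=${KEYS:-"./"}

# Load each secret from its file. The path is quoted so a KEYS directory
# containing spaces is not split into several words.
DOCKER_USER=$(<"$KEYS/DOCKER_USER")
DOCKER_PASS=$(<"$KEYS/DOCKER_PASS")
SYSDIG_SECURE_API_TOKEN=$(<"$KEYS/SYSDIG_SECURE_API_TOKEN")

# Basic-auth blob for the Docker config. printf is used instead of "echo -n"
# so a value beginning with "-" is never parsed as an echo option, and the
# base64 output is joined onto one line: some base64 implementations wrap long
# output, and an embedded newline would make the JSON "auth" string invalid.
DOCKER_AUTH=$(printf '%s' "$DOCKER_USER:$DOCKER_PASS" | base64 | tr -d '\n')

# Image to scan.
IMAGE=docker.io/vicenteherrera/leeroy-web-my

# NOTE(review): REPO, DOCKERFILE and CONTEXT are assigned here but nothing in
# this script reads them; presumably they document where the image is built
# from. Confirm before removing.
REPO=https://github.com/GoogleContainerTools/skaffold
DOCKERFILE=examples/microservices/leeroy-web/Dockerfile
CONTEXT=examples/microservices/leeroy-web/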
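#######################################
# Write ./docker-config.json with Docker Hub credentials for the scanner.
# Globals:   DOCKER_USER, DOCKER_PASS, DOCKER_AUTH (read)
# Arguments: none
# Outputs:   progress line on stdout; creates ./docker-config.json
# Returns:   status of the final cat/redirect
#######################################
function docker_auth_create {
  # Escape backslashes first, then double quotes, so credentials containing
  # either character still yield valid JSON instead of a broken or altered
  # document. DOCKER_AUTH is base64 and needs no escaping.
  local json_user json_pass
  json_user=${DOCKER_USER//\\/\\\\}
  json_user=${json_user//\"/\\\"}
  json_pass=${DOCKER_PASS//\\/\\\\}
  json_pass=${json_pass//\"/\\\"}

  echo
  echo "> Create docker-config.json"

  # NOTE(review): the file holds the registry password in clear text and is
  # created with the caller's umask, so other local users may be able to read
  # it. Tightening the mode (e.g. 0600) is only safe if the user inside the
  # scanner container can still read the bind-mounted file; confirm the
  # container UID before changing it.
  cat <<EOF > "./docker-config.json"
{
  "auths":{
    "https://index.docker.io":{
      "username":"${json_user}",
      "password":"${json_pass}",
      "auth":"${DOCKER_AUTH}",
      "email":"not@val.id"
    }
  }
}
EOF
}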
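#######################################
# Run the Sysdig inline scanner container against IMAGE.
# Globals:   IMAGE, SYSDIG_SECURE_API_TOKEN (read); PWD (bind-mounted)
# Arguments: none
# Outputs:   progress line plus whatever the scanner prints
# Returns:   exit status of "docker run"
#######################################
function scan {
  echo
  echo "> Scan"

  # Arguments handed to the scanner entrypoint. Every expansion is quoted so
  # an image name or token is always passed as exactly one argument.
  # NOTE(review): the API token travels on the command line, where it is
  # visible in process listings and in the container's recorded arguments.
  # Check whether the scanner image accepts the token from the environment
  # instead and prefer that if it does.
  local -a scanner_args=(
    --registry-auth-file /workspace/docker-config.json
    -k "$SYSDIG_SECURE_API_TOKEN"
    -s https://secure.sysdig.com
    "$IMAGE"
  )

  # --rm removes the container when it exits; without it the stopped container
  # stays on the host and its metadata keeps the full argument list, API token
  # included. The whole working directory is mounted only so the scanner can
  # read the auth file written there.
  # NOTE(review): the ":2" tag is mutable; pin the image by digest if the
  # pipeline needs a reproducible, verified scanner build.
  docker run \
    --rm \
    -v "$PWD:/workspace" \
    quay.io/sysdig/secure-inline-scan:2 \
    "${scanner_args[@]}"
}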
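# PIPELINE
# Install the cleanup handler before the credentials file is written. The
# script runs under "set -e", so a failing scan ends the script immediately;
# a trap registered after the scan would never be installed in that case and
# docker-config.json, which contains the registry password, would stay on
# disk.
trap 'rm -f -- ./docker-config.json' EXIT
docker_auth_create
scan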