GCP container scanning tooling (#758)
* GCP container scanning tooling

* Update docs/development/releases.md
eschultink committed Jul 11, 2024
1 parent e5fbdfd commit 71f7f90
Showing 2 changed files with 48 additions and 1 deletion.
10 changes: 9 additions & 1 deletion docs/development/releases.md
@@ -22,8 +22,16 @@ On `rc-`:

QA aws, gcp dev examples by running `terraform apply` for each, and testing various connectors.

Scan a GCP container image for vulnerabilities:

```shell
./tools/gcp/container-scan.sh psoxy-dev-erik psoxy-dev-erik-gcal
```

Create PR to merge `rc-` to `main`.

```shell
./tools/release/rc-to-release.sh v0.4.16
./tools/release/rc-to-main.sh v0.4.16
```

After merged to `main`:
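
Review bot: The added doc line `./tools/gcp/container-scan.sh psoxy-dev-erik psoxy-dev-erik-gcal` bakes one developer's personal project and instance names into shared release documentation; use placeholders such as `./tools/gcp/container-scan.sh <project_id> <instance_name>` (the script's own usage string already takes that form) so the step reads as a generic release-QA task. The step also omits the prerequisite the script header states, that the Container Analysis API must be enabled for the project; a one-line note here avoids a confusing failure in the middle of release QA. Finally, the step says only to run the scan and nothing about the outcome; stating that the release should wait until the findings in the Artifact Registry console have been reviewed would make the gate explicit.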
39 changes: 39 additions & 0 deletions tools/gcp/container-scan.sh
@@ -0,0 +1,39 @@
#!/bin/bash


# NOTE: requires that you've enabled the Container Analysis API for the project
# https://console.developers.google.com/apis/library/containeranalysis.googleapis.com

RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

USAGE=$(printf "Usage: $0 <project_id> <instance_name>\n Example: $0 psoxy-dev-erik psoxy-dev-erik-gcal")
å
PROJECT_ID=$1
if [ -z "$PROJECT_ID" ]; then
printf "${RED}Project ID not provided. Exiting.${NC}\n"
printf "$USAGE\n"
exit 1
fi

INSTANCE_NAME=$2
if [ -z "$INSTANCE_NAME" ]; then
printf "${RED}Instance name not provided. Exiting.${NC}\n"
printf "$USAGE\n"
exit 1
fi

REGION=us-central1

INSTANCE_NAME_EXTRA_DASHES=$(echo $INSTANCE_NAME | sed 's/-/--/g')

VERSION=$(gcloud artifacts docker images list ${REGION}-docker.pkg.dev/${PROJECT_ID}/gcf-artifacts/${INSTANCE_NAME_EXTRA_DASHES} --format=json | jq -r 'max_by(.createTime) | .version')

printf "Initiating container scan for ${BLUE}${INSTANCE_NAME}:${VERSION}${NC}\n"
printf "Results will be available in the GCP Console: ${BLUE}https://console.cloud.google.com/artifacts/docker/$PROJECT_ID/$REGION/gcf-artifacts/$INSTANCE_NAME_EXTRA_DASHES?project=$PROJECT_ID${NC}\n"

gcloud artifacts docker images scan ${REGION}-docker.pkg.dev/${PROJECT_ID}/gcf-artifacts/${INSTANCE_NAME_EXTRA_DASHES}@$VERSION --additional-package-types=MAVEN --remote --project=$PROJECT_ID --async

printf "${GREEN}Container scan initiated.${NC}\n"
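
Review bot: The line directly after `USAGE=$(printf ...)` contains a stray `å` character, which bash will try to execute as a command (`å: command not found`) on every run; remove it. Beyond that, the script has no `set -euo pipefail` and never checks that the `gcloud artifacts docker images list ... | jq -r 'max_by(.createTime) | .version'` pipeline produced a value, so if the repository path is wrong or the image has not been built yet `VERSION` is empty or `null`, the script still prints "Initiating container scan" and invokes `gcloud artifacts docker images scan ...@null`; add a guard such as `if [ -z "$VERSION" ] || [ "$VERSION" = "null" ]; then printf "${RED}No image found.${NC}\n"; exit 1; fi` before the scan. The `printf "$USAGE\n"` calls also pass user-supplied arguments as the format string and `echo $INSTANCE_NAME | sed ...` is unquoted; use `printf '%s\n' "$USAGE"` and quote `"$INSTANCE_NAME"` so names containing `%` or whitespace do not alter the output or word-splitting. Lastly, because of `--async` the final `Container scan initiated.` message is printed regardless of whether `gcloud` succeeded, since its exit status is never checked; a failed scan submission is therefore reported as success.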
