/
Dockerfile
51 lines (47 loc) · 1.5 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
FROM golang:1.18.2 as builder
WORKDIR /go/src/github.com/ca-risken/aws/
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -buildvcs=false -o /go/bin/cloudsploit cmd/cloudsploit/main.go
FROM node:lts-alpine3.12 as cloudsploit
# 2023/03/20時点で最新
ARG CLOUDSPLOIT_COMMIT_HASH=3d5f72d46e495ffcb8d9ebf44e60b6551fddbf4e
RUN apk add --no-cache ca-certificates tzdata git \
&& mkdir -p /opt/cloudsploit \
&& cd /opt/cloudsploit \
&& git init \
&& git remote add origin https://github.com/aquasecurity/cloudsploit.git \
&& git fetch origin ${CLOUDSPLOIT_COMMIT_HASH} --depth 1 \
&& git checkout FETCH_HEAD \
&& yarn install \
&& chmod +x index.js
FROM public.ecr.aws/risken/base/risken-base:v0.0.1 as risken-base
FROM node:lts-alpine3.12
COPY --from=builder /go/bin/cloudsploit /usr/local/cloudsploit/bin/
COPY --from=cloudsploit /opt/cloudsploit /opt/cloudsploit
COPY --from=risken-base /usr/local/bin/env-injector /usr/local/bin/
ENV DEBUG= \
PROFILE_EXPORTER= \
PROFILE_TYPES= \
AWS_REGION= \
AWS_ACCESS_KEY_ID= \
AWS_SECRET_ACCESS_KEY= \
AWS_SESSION_TOKEN= \
SQS_ENDPOINT= \
CLOUDSPLOIT_QUEUE_NAME= \
CLOUDSPLOIT_QUEUE_URL= \
MAX_NUMBER_OF_MESSAGE= \
WAIT_TIME_SECOND=20 \
FINDING_SVC_ADDR= \
ALERT_SVC_ADDR= \
AWS_SVC_ADDR= \
RESULT_DIR=/tmp \
CONFIG_DIR=/tmp \
CLOUDSPLOIT_DIR="/opt/cloudsploit" \
MAX_MEM_SIZE_MB= \
TZ=Asia/Tokyo
WORKDIR /usr/local/cloudsploit
ENTRYPOINT ["/usr/local/bin/env-injector"]
CMD ["bin/cloudsploit"]