
Integration: Google Cloud Builder


Custom Build Step

Add this Custom Build Step to your existing cloudbuild.yaml to run the container and then scan it during the build process. Optionally, it blocks the build when vulnerabilities are present.


Dependencies

This Custom Build Step uses a relatively stock Ubuntu image with Docker installed and Federacy.sh copied in. The Dockerfile and contents file are in the images directory at the base of this repository. The container being scanned must have a package manager.


Credentials

  1. Sign up for a free account at app.federacy.com
  2. Click Add Host
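  3. Replace $USERNAME and $TOKEN in the examples below with your API username and token. The token is a credential: a value written directly into the `env` list is stored in plaintext in the build config, so avoid committing it to source control and supply it at build time instead (for example through Cloud Build's `secretEnv`).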

Build Scan (non-blocking)

{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/docker",
      "id": "a",
      "args": [
        "build", "-t", "gcr.io/$PROJECT_ID/cb-demo-img", "."
      ]
    },
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": [
        "run", --name, "federacyscan", "-d", "gcr.io/$PROJECT_ID/cb-demo-img"
      ]
    },
    {
      "name": "gcr.io/verdant-oven-164104/federacy_cloud_builder",
      "args": [
        "bash", "/federacy.sh docker_check"
      ],
      "env": [
        "FEDERACY_USERNAME=root",
        "FEDERACY_API_USERNAME=$USERNAME",
        "FEDERACY_API_TOKEN=$TOKEN",
        "CONTAINERS=federacyscan"
      ]
    }  ],
  "images": [
    "gcr.io/$PROJECT_ID/cb-demo-img"
  ]
}

Build Scan (blocking)

{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/docker",
      "id": "a",
      "args": [
        "build", "-t", "gcr.io/$PROJECT_ID/cb-demo-img", "."
      ]
    },
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": [
        "run", --name, "federacyscan", "-d", "gcr.io/$PROJECT_ID/cb-demo-img"
      ]
    },
    {
      "name": "gcr.io/verdant-oven-164104/federacy_cloud_builder",
      "args": [
        "bash", "/federacy.sh docker_check"
      ],
      "env": [
        "FEDERACY_USERNAME=root",
        "FEDERACY_API_USERNAME=$USERNAME",
        "FEDERACY_API_TOKEN=$TOKEN",
        "CONTAINERS=federacyscan"
      ]
    }  ],
  "images": [
    "gcr.io/$PROJECT_ID/cb-demo-img"
  ]
}