How to use Dive in gitlab CI Securely? #493
Labels
enhancement
Add a new feature
Comments
|
You could supply an image as an archive to circumvent the need for How you get the file where you need it is up to you and your CI. |
|
Yes, Thanks and I got your point. |
|
If anyone's looking for a more complete GitLab CI example for saving the archive file: dive:
image:
name: wagoodman/dive:latest
entrypoint: ['']
script:
- apk add --no-cache skopeo
- skopeo copy docker://${IMAGE_NAME}:${IMAGE_TAG} docker-archive:archive.tar
- dive --source docker-archive archive.tar |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue:
My understand to dive is that dive has to pull the image to his local docker engine and then dive could scan the docker image layer.
I use dive in .gitlab-ci.yml.
I have to mount the docker.sock file to my container such as "-v /var/run/docker.sock:/var/run/docker.sock", which is not secure I think.
My question is that how could I use dive in gitlab-ci.yml without "-v /var/run/docker.sock:/var/run/docker.sock"?
The text was updated successfully, but these errors were encountered: