feat: Create comprehensive toolbox-qadocker for Docker image auditing
This commit introduces the complete toolbox-qadocker implementation with the following features:

- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes

This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
ToolboxStack/output/toolbox-qadocker/.hadolint.yaml
Normal file
@@ -0,0 +1,10 @@
ignored:
- DL3008 # Pin versions in apt get install - we want latest packages for a QA image
- DL3009 # Delete apt lists - already done in same RUN statement
- DL4006 # Set SHELL option - not needed for this container
- DL3016 # Pin npm versions - not critical for this QA container
trustedRegistries:
- docker.io
- gcr.io
- quay.io
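Review bot: The `ignored:` list in this new `.hadolint.yaml` switches off exactly the rules an auditing image should be demonstrating, and two of the four justifications do not hold up. `DL3008` (pin apt package versions) is ignored with the rationale "we want latest packages for a QA image", but an unpinned `apt-get install` makes every rebuild of the audit image itself non-reproducible, so a trivy finding seen in one build cannot be reproduced in the next; prefer pinning and bumping versions deliberately. `DL3009` only fires when the `RUN` that calls `apt-get install` does not also remove `/var/lib/apt/lists/*`; if the cleanup really is "already done in same RUN statement", the rule is silent and the ignore is dead config, and if it is firing, the cleanup is not where the comment claims, so drop the entry and let hadolint confirm. `DL4006` (set `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before a `RUN` containing a pipe) is dismissed as "not needed for this container", yet it is the rule that stops a `curl ... | sh`-style tool install from succeeding silently when the download fails; given that this image installs several third-party binaries, keep it enabled or state in the comment which piped `RUN` is being exempted. `DL3016` (pin npm versions) matters for the same supply-chain reason as `DL3008`. The `trustedRegistries` block is fine; note that it drives `DL3026`, so any `FROM` in the Dockerfile must name one of `docker.io`, `gcr.io` or `quay.io` explicitly for the rule to pass.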