# Toolbox-QADocker

Toolbox-QADocker is a specialized Docker image designed for auditing and quality assurance of Docker images and related files. It serves as the bootstrap image that audits the toolbox-base and other custom toolboxes in the TSYSDevStack ecosystem.

## Purpose

- **Docker Image Auditing**: Equipped with tools like Hadolint, Dive, and Trivy for comprehensive Docker image analysis
- **Shell Script Validation**: Includes ShellCheck for validating shell scripts
- **Bootstrap Tool**: Used to audit the base and other custom toolboxes during development
- **Quick Rebuilds**: Designed to be minimal and quick to rebuild when needed

## Tools Included

- **Hadolint**: Dockerfile linter that checks for best practices
- **ShellCheck**: Static analysis tool for shell scripts
- **Trivy**: Comprehensive vulnerability scanner for containers
- **Docker Client**: Command-line interface for Docker
- **Dive**: Tool to explore layers in Docker images
- **Buildctl**: BuildKit client for advanced builds
- **Dockerlint**: Additional Dockerfile linter
- **Node.js**: JavaScript runtime for additional tooling

## Image Details

- Built from Ubuntu 24.04 base image
- Does NOT use the toolbox-base as foundation (unlike other toolboxes)
- Contains a non-root user `qadocker` for security
- Optimized for fast rebuilds and audits

## Usage

### Build the Image

```bash
./build.sh
```

### Run the Container Interactively

```bash
./run.sh
```

### Run Directly with Docker

```bash
docker run -it --rm \
  -v "$(pwd)":/workspace \
  -w /workspace \
  tsysdevstack-toolboxstack-toolbox-qadocker:dev \
  bash
```

### Run QA on a Dockerfile

```bash
docker run --rm -v /path/to/project:/workspace -w /workspace tsysdevstack-toolboxstack-toolbox-qadocker:dev hadolint --config .hadolint.yaml Dockerfile
```

### Run QA on Shell Scripts

```bash
docker run --rm -v /path/to/project:/workspace -w /workspace tsysdevstack-toolboxstack-toolbox-qadocker:dev shellcheck script.sh
```

## Non-Root User

The container runs as the `qadocker` user by default. If you need root access, run the container with `--user root`.

## Security

- Built with security best practices in mind
- Minimal attack surface
- Non-root user for running tools
- Regular security scanning with Trivy

## Development

This image is designed to be simple to modify and rebuild. The Dockerfile contains all necessary tool installations and is optimized for caching and build speed.

## QA Process

The image QA process includes:

- Validating the Dockerfile with Hadolint
- Checking shell scripts with ShellCheck
- Running filesystem scans with Trivy
- Verifying all tools are properly installed
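
The four QA steps listed above, combined into one script meant to run inside the container against a mounted project. This is an added example, not the project's own script: the names `qa-all.sh`, `QA_TOOLS`, `missing_tools` and `run_qa`, the binary names (taken from the Tools Included list) and the HIGH/CRITICAL Trivy threshold are assumptions.

```bash
#!/usr/bin/env bash
# qa-all.sh (hypothetical name): added example, not part of the project.
# Runs every QA step even if an earlier one fails, then reports the failure count.

# Binary names assumed from the "Tools Included" list.
QA_TOOLS="hadolint shellcheck trivy docker dive buildctl dockerlint node"

# Print each named tool that is not on PATH; status is non-zero if any is missing.
# The function body is a subshell so its variables do not leak into the caller.
missing_tools() (
  rc=0
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || { echo "$t"; rc=1; }
  done
  [ "$rc" -eq 0 ]
)

# Run the QA steps in project directory $1 (default: current directory).
# Exit status is the number of failed steps, so 0 means the project passed.
run_qa() (
  cd "${1:-.}" || exit 4
  failed=0
  step() {  # step NAME COMMAND...: run one check and record a failure
    name=$1; shift
    if "$@"; then echo "PASS $name"; else echo "FAIL $name"; failed=$((failed + 1)); fi
  }
  # 1. Dockerfile lint, using the project's config when it has one.
  if [ -f .hadolint.yaml ]; then
    step hadolint hadolint --config .hadolint.yaml Dockerfile
  else
    step hadolint hadolint Dockerfile
  fi
  # 2. Every *.sh file below the project root; no scripts means nothing to fail.
  step shellcheck find . -type f -name '*.sh' -exec shellcheck {} +
  # 3. Filesystem scan; failing only on HIGH/CRITICAL is an assumed policy.
  step trivy trivy fs --exit-code 1 --severity HIGH,CRITICAL .
  # 4. Tool inventory (QA_TOOLS is left unquoted on purpose so it splits into words).
  step tools missing_tools $QA_TOOLS
  exit "$failed"
)

# Run the checks only when this file is executed under its own (hypothetical) name.
case "${0##*/}" in qa-all.sh) run_qa "$@" ;; esac
```

Saved in the project root, it can be started through the image with `bash qa-all.sh /workspace` in place of the single-tool commands shown under Usage; a non-zero exit status fails a CI job.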