TSYSDevStack/ToolboxStack/output/toolbox-qadocker/run-audit.sh
ReachableCEO 343534ac12 feat: Create comprehensive toolbox-qadocker for Docker image auditing
This commit introduces the complete toolbox-qadocker implementation with the following features:

- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes

This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
2025-10-31 14:44:43 -05:00

32 lines
860 B
Bash
Executable File

#!/bin/bash
# Script to run Dockerfile auditing tools inside the toolbox-qadocker container
set -e

if [ -z "$1" ]; then
    echo "Usage: $0 <path_to_dockerfile>"
    echo "Example: $0 Dockerfile"
    echo "This script mounts the current directory and runs auditing tools inside the container"
    exit 1
fi

DOCKERFILE_PATH="$1"

if [ ! -f "$DOCKERFILE_PATH" ]; then
    echo "Error: Dockerfile not found at $DOCKERFILE_PATH"
    exit 1
fi

echo "Running Dockerfile audit using toolbox-qadocker container..."
echo "Auditing Dockerfile: $DOCKERFILE_PATH"
echo

# Run the audit using the container. The Dockerfile path is handed to the
# inner shell as a positional argument instead of being interpolated into the
# command string, so a path containing spaces or shell metacharacters is
# passed through intact rather than re-parsed by bash -c.
docker run --rm \
    -v "$(pwd)":/workspace \
    -w /workspace \
    tsysdevstack-toolboxstack-toolbox-qadocker:dev \
    bash -c './test-qa.sh && echo "" && echo "Running custom audit script..." && ./audit-dockerfile.sh "$1"' _ "$DOCKERFILE_PATH"

echo
echo "Audit completed!"
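The audit-dockerfile.sh that the commit describes is not shown on this page. As an added example (not the project's script), here is a minimal root-usage check of the kind the commit message outlines: it tracks the effective user through each stage, reports RUN instructions executed as root, and fails when the final stage never drops to a non-root USER. The function names and the treatment of unresolved `${ARG}` users as non-root are assumptions of this example.

```shell
#!/bin/bash
# Added example: a minimal root-usage audit for a Dockerfile. Not the
# project's audit-dockerfile.sh; function names here are hypothetical.
set -euo pipefail

# is_root USER: true for the conventional spellings of the superuser.
is_root() { [ "$1" = "root" ] || [ "$1" = "0" ]; }

# audit_root_usage FILE
# Walks the Dockerfile and tracks the effective user per build stage.
# RUN instructions executed as root are reported as INFO (installing
# packages before dropping privileges is normal); the audit returns 1
# only when the final stage is still root when the file ends.
audit_root_usage() {
    local file="$1" user="root" stage=0 root_runs=0 lineno=0 rc=0
    local line instr args
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Skip blank lines and comments. Continuation lines of a RUN fall
        # through the case below, since their first word is no instruction.
        case "$line" in ''|'#'*) continue ;; esac
        instr=$(printf '%s\n' "$line" | awk '{print toupper($1)}')
        args=$(printf '%s\n' "$line" | awk '{$1=""; sub(/^ +/, ""); print}')
        case "$instr" in
            # Each stage starts as root again (base-image USER is assumed root).
            FROM) stage=$((stage + 1)); user="root" ;;
            # "USER name:group" -> name; an unresolved ${ARG} counts as non-root.
            USER) user="${args%%:*}" ;;
            RUN)
                if is_root "$user"; then
                    root_runs=$((root_runs + 1))
                    echo "INFO line $lineno: RUN executes as root"
                fi ;;
        esac
    done < "$file"
    if is_root "$user"; then
        echo "FAIL: final stage runs as root (add a non-root USER before the end)"
        rc=1
    fi
    echo "SUMMARY: stages=$stage root_runs=$root_runs final_user=$user"
    return "$rc"
}

# Usage: ./audit-root.sh Dockerfile (exit status 1 on a failed audit)
if [ "$#" -gt 0 ]; then
    audit_root_usage "$1"
fi
```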