semgrep dockerfile
pankajmouriyakong committed Nov 15, 2024
1 parent 3aeb976 commit 3061c6a
Showing 4 changed files with 19 additions and 19 deletions.
26 changes: 13 additions & 13 deletions .github/dependencies.yml
@@ -1,18 +1,18 @@
---
assets:
- name: trivy
tag: 0.57.0
build_args:
TRIVY_BASE_IMAGE: docker.io/aquasec/trivy
TRIVY_BASE_TAG: 0.57.0
TRIVY_BASE_REPO: trivy
TRIVY_BASE_OWNER: aquasec
TRIVY_BASE_REGISTRY: docker.io
TRIVY_DB_IMAGE: public.ecr.aws/aquasecurity/trivy-db
TRIVY_DB_REGISTRY: public.ecr.aws
TRIVY_DB_OWNER: aquasecurity
TRIVY_DB_REPO: trivy-db
TRIVY_DB_TAG: 2
# - name: trivy
# tag: 0.57.0
# build_args:
# TRIVY_BASE_IMAGE: docker.io/aquasec/trivy
# TRIVY_BASE_TAG: 0.57.0
# TRIVY_BASE_REPO: trivy
# TRIVY_BASE_OWNER: aquasec
# TRIVY_BASE_REGISTRY: docker.io
# TRIVY_DB_IMAGE: public.ecr.aws/aquasecurity/trivy-db
# TRIVY_DB_REGISTRY: public.ecr.aws
# TRIVY_DB_OWNER: aquasecurity
# TRIVY_DB_REPO: trivy-db
# TRIVY_DB_TAG: 2
- name: semgrep
tag: 1.96.0
build_args:
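Review bot: The trivy asset is disabled by commenting out all 13 lines instead of removing or annotating it, so nothing in the file says why it is off or for how long. If this manifest drives the image build and version-bump automation (inferred from the `tag` and `build_args` keys, not visible here), the trivy image pinned at 0.57.0 stops being rebuilt and updated, and for a vulnerability scanner a stale release tends to go unnoticed. Either delete the entry and rely on git history, or head the block with a reason such as `# trivy disabled temporarily: <reason / tracking issue>`. The file continues past the part of the section shown here.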
Binary file added security-actions/.DS_Store
Binary file not shown.
10 changes: 5 additions & 5 deletions security-actions/dockerfiles/semgrep.Dockerfile
@@ -5,13 +5,13 @@ ARG SEMGREP_BASE_TAG=latest
FROM ${SEMGREP_BASE_IMAGE}:${SEMGREP_BASE_TAG} AS semgrep-base

# Set up a non-root user for better security
ARG SEMGREP_USER=semgrep
RUN addgroup -g 1001 $SEMGREP_USER && \
adduser -D -u 1001 -G $SEMGREP_USER $SEMGREP_USER
#ARG SEMGREP_USER=semgrep
#RUN addgroup -g 1001 $SEMGREP_USER && \
# adduser -D -u 1001 -G $SEMGREP_USER $SEMGREP_USER

# Switch to the non-root user
USER $SEMGREP_USER
WORKDIR /home/$SEMGREP_USER
#USER $SEMGREP_USER
#WORKDIR /home/$SEMGREP_USER

# Set the entrypoint to the semgrep command
ENTRYPOINT ["semgrep"]
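Review bot: The image no longer drops privileges: with the `addgroup`/`adduser` step, `USER $SEMGREP_USER` and `WORKDIR /home/$SEMGREP_USER` commented out (the new side, as far as this rendering shows), semgrep runs as whatever user the base image defaults to, which is root unless the base sets one, while it parses untrusted repository content. The two surviving comments, `# Set up a non-root user for better security` and `# Switch to the non-root user`, now describe code that does not run. If this works around a permission problem on the mounted workspace (an assumption; the commit message does not say), keep the account and fix ownership of the paths semgrep writes to, or at minimum replace the dead block with one line such as `# NOTE: runs as the base image's default user; non-root user disabled because <reason>`. The hunk header also shows `ARG SEMGREP_BASE_TAG=latest` as the default; that line is outside the hunk, but a pinned tag or digest would make the build reproducible.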
2 changes: 1 addition & 1 deletion security-actions/dockerfiles/trivy.Dockerfile
@@ -26,7 +26,7 @@ RUN chown $TRIVY_USER:$TRIVY_USER /usr/local/bin/trivy
USER $TRIVY_USER
# Create necessary directories as Non root user
RUN mkdir -p $TRIVY_DB_CACHE_PATH

# Stage 3: Final image based on the Trivy image but with files from previous stages
FROM trivy-base AS trivy
#Switch to non-root user