From f1a58fae1eba1d898a8fc428ba316162060aca92 Mon Sep 17 00:00:00 2001
From: Ian Cardoso
Date: Fri, 9 Jun 2023 10:51:21 -0300
Subject: [PATCH] fix image_scan.sh script and download trivy version
Signed-off-by: Ian Cardoso
---
 Dockerfile.dapper | 28 +++++++++++++++++-----------
 scripts/image_scan.sh | 4 ++--
 2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
index 0d9db5b68e7e..bf91ce4cbd93 100644
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -19,17 +19,23 @@ RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget c
 RUN python3 -m pip install awscli
-RUN TRIVY_VERSION="0.42.0" && \
- if [ "$(go env GOARCH)" = "arm64" ] || [ "$(go env GOARCH)" = "arm" ]; then \
- # Turn arm64 and arm into uppercase ARM64 and ARM, respectively, for Trivy's download
- TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
- wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
- tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
- mv trivy /usr/local/bin; \
- elif [ "$(go env GOARCH)" = "amd64" ]; then \
- wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
- tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
- mv trivy /usr/local/bin; \
+RUN TRIVY_VERSION="0.43.1" && \
+ if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \
+ if [ "$(go env GOARCH)" = "arm64" ]; then \
+ # Turn arm64 into uppercase ARM64 for Trivy's download
+ TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
+ wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
+ tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
+ mv trivy /usr/local/bin; \
+ elif [ "$(go env GOARCH)" = "amd64" ]; then \
+ wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
+ tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
+ mv trivy /usr/local/bin; \
+ elif [ "$(go env GOARCH)" = "s390x" ]; then \
+ wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
+ tar -zxvf "trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
+ mv trivy /usr/local/bin; \
+ fi \
 fi
 # this works for both go 1.17 and 1.18
diff --git a/scripts/image_scan.sh b/scripts/image_scan.sh
index 8e7ced20e1dc..d057d09a31dd 100755
--- a/scripts/image_scan.sh
+++ b/scripts/image_scan.sh
@@ -9,8 +9,8 @@ fi
 ARCH=$2
-# skipping image scan for s390x since trivy doesn't support s390x arch yet
-if [ "${ARCH}" == "s390x" ]; then
+# skipping image scan for 32 bits image since trivy dropped support for those https://github.com/aquasecurity/trivy/discussions/4789
+if [[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]; then
 exit 0
 fi
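Review bot: The Trivy tarball is fetched with `wget` and unpacked straight into `/usr/local/bin` with no integrity check, so whatever the download returns becomes the scanner binary in the build image; each of the three branches should verify a pinned SHA-256 before `tar` runs. The same RUN also installs nothing, and prints nothing, for a GOARCH that is neither excluded by the outer test nor matched by one of the three branches, which deserves an explicit log line. A `case` on `go env GOARCH` that sets the archive suffix and the expected digest removes the repeated wget/tar/mv triplets; the digests below are placeholders to be filled in from the release's published checksums.

```dockerfile
RUN TRIVY_VERSION="0.43.1" && \
    case "$(go env GOARCH)" in \
        arm64) TRIVY_ARCH="ARM64"; TRIVY_SHA256="<sha256 of the Linux-ARM64 tarball>" ;; \
        amd64) TRIVY_ARCH="64bit"; TRIVY_SHA256="<sha256 of the Linux-64bit tarball>" ;; \
        s390x) TRIVY_ARCH="s390x"; TRIVY_SHA256="<sha256 of the Linux-s390x tarball>" ;; \
        *)     TRIVY_ARCH="" ;; \
    esac && \
    if [ -n "${TRIVY_ARCH}" ]; then \
        TRIVY_TGZ="trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
        wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/${TRIVY_TGZ}" && \
        # Refuse to unpack an archive whose digest differs from the pinned one
        echo "${TRIVY_SHA256}  ${TRIVY_TGZ}" | sha256sum -c - && \
        tar -zxvf "${TRIVY_TGZ}" && \
        mv trivy /usr/local/bin; \
    else \
        echo "trivy: no release for $(go env GOARCH), not installed"; \
    fi
```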
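Review bot: The second test in the new guard is inverted: `[ "${ARCH}" != "386" ]` is true for every architecture except 386, so the script reaches `exit 0` and skips the Trivy scan on amd64, arm64 and s390x, while 386 is the one value that falls through to the scan. The condition should test equality on both sides, `if [ "${ARCH}" = "arm" ] || [ "${ARCH}" = "386" ]; then`, which also drops the mix of `[[ ]]` and `[ ]`. Because the skip path exits with status 0, a pipeline that gates on this script would presumably report success without any image having been scanned, so a short message to stderr before `exit 0` would make a skipped scan visible in the build log. The rest of the script lies outside the hunk.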