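# Image that installs checkov together with the helm and kustomize CLIs.
# The files copied from github_action_resources/ suggest it backs a GitHub
# Action (NOTE(review): confirm against the action metadata).
#
# NOTE(review): python:3.11-slim is a floating tag, so the base image can change
# between builds. Pin it by digest (python:3.11-slim@sha256:<DIGEST_PLACEHOLDER>)
# and bump the digest deliberately.
FROM python:3.11-slim

# Exported to every process in the container; the code that reads it is not
# visible in this file.
ENV RUN_IN_DOCKER=True

# OS packages plus the helm and kustomize installers, kept in one layer so the
# apt lists and the temporary curl package never persist in the image.
RUN set -eux; \
    apt-get update; \
    # Pulls in package fixes published after the base image was built, at the
    # cost of a less reproducible layer.
    apt-get -y --no-install-recommends upgrade; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        openssh-client \
    ; \
    # Supply-chain note: both installer scripts below are fetched from the
    # moving `master` branch and executed as root during the build, with no
    # integrity check on the scripts themselves. VERIFY_CHECKSUM covers the helm
    # release that get_helm.sh downloads, not get_helm.sh.
    # NOTE(review): pin each URL to a commit (<COMMIT_SHA_PLACEHOLDER>) and
    # compare the script against a recorded sha256 before running it.
    #
    # -f makes curl fail on an HTTP error instead of saving the error page as
    # the "installer"; --proto/--tlsv1.2 keep redirects from leaving HTTPS.
    curl -fsSLo get_helm.sh --proto '=https' --tlsv1.2 \
        https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3; \
    chmod 700 get_helm.sh; \
    VERIFY_CHECKSUM=true ./get_helm.sh; \
    rm ./get_helm.sh; \
    # NOTE(review): no checksum option is passed to the kustomize installer;
    # confirm whether the script verifies the binary it downloads.
    curl -fsSLo get_kustomize.sh --proto '=https' --tlsv1.2 \
        https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh; \
    chmod 700 get_kustomize.sh; \
    # The mv expects the binary at /kustomize, i.e. the build runs with / as
    # the working directory (no WORKDIR is set in this file).
    ./get_kustomize.sh; mv /kustomize /usr/bin/kustomize; \
    rm ./get_kustomize.sh; \
    # curl is only needed for the downloads above; drop it and anything that
    # was installed solely as its dependency.
    apt-get remove -y curl; \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*

# Optional pin for the checkov release. Unset (the default) keeps the original
# behaviour of installing whatever is newest on the package index; pass
# --build-arg CHECKOV_VERSION=<VERSION_PLACEHOLDER> for a reproducible image.
ARG CHECKOV_VERSION
RUN pip install --no-cache-dir -U "checkov${CHECKOV_VERSION:+==${CHECKOV_VERSION}}"

# The entrypoint's executable bit comes from the file mode in the build context.
COPY ./github_action_resources/entrypoint.sh /entrypoint.sh
COPY ./github_action_resources/checkov-problem-matcher.json /usr/local/lib/checkov-problem-matcher.json
COPY ./github_action_resources/checkov-problem-matcher-softfail.json /usr/local/lib/checkov-problem-matcher-softfail.json

# No USER instruction: the container runs as root.
# NOTE(review): GitHub's Docker container actions are documented to require the
# default (root) user for workspace access; if this image is also run outside
# Actions, start it with a non-root user and a read-only source mount.

# Script executed when the container starts (`entrypoint.sh`); exec form keeps
# it as PID 1 so it receives stop signals directly.
ENTRYPOINT ["/entrypoint.sh"]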