Merge pull request #18 from theredguild/tool-hadolint-kics

Adding tools: hadolint kics
theredguild · Oct 4, 2024 · 7bf334d · 7bf334d
2 parents db34d22 + 84708df
commit 7bf334d
Showing 1 changed file with 43 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -32,6 +32,7 @@ RUN apt-get update && apt-get install -y \
     make \
     vim \
     unzip \
+    default-jre \
     && rm -rf /var/lib/apt/lists/*
 
 # Create a user group named trg and a user named wanderer with specified UID and GID
@@ -108,6 +109,12 @@ RUN pnpm install -g node-version-audit \
     better-npm-audit \
     installed-check
 
+# Install snyk
+RUN pnpm install -g snyk
+
+# Install retire.js
+RUN pnpm install -g retire
+
 # Install detect-secrets
 RUN pipx install detect-secrets
 
@@ -117,6 +124,9 @@ RUN pipx install gitxray
 # Install semgrep
 RUN pipx install semgrep
 
+# Install nodejsscan
+RUN pipx install nodejsscan
+
 # pipx environment path set
 RUN pipx ensurepath
 
@@ -140,6 +150,19 @@ RUN git clone https://github.com/shortdoom/gh-fake-analyzer.git \
     && pip install -r requirements.txt \
     && exit
 
+# Install legitify
+RUN git clone https://github.com/Legit-Labs/legitify \
+    && cd legitify \
+    && go build \
+    && sudo ln -s /src/legitify/legitify /usr/local/bin/legitify
+
+# Install kics
+RUN git clone https://github.com/Checkmarx/kics.git \
+    && cd kics \
+    && go mod vendor \
+    && go build -o ./bin/kics cmd/console/main.go \
+    && sudo ln -s /src/kics/bin/kics /usr/local/bin/kics
+
 # Create a script to run the gh-fake-analyzer
 USER root
 
@@ -161,18 +184,34 @@ RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --
 RUN wget -qO - https://github.com/trufflesecurity/trufflehog/releases/download/v3.82.6/trufflehog_3.82.6_linux_$(dpkg --print-architecture).tar.gz | \
     sudo tar -xzf - trufflehog -C /usr/local/bin
 
+# Install hadolint
+RUN arch=$(dpkg --print-architecture) \
+    && if [ "$arch" = "amd64" ]; then arch="x86_64"; fi \
+    && wget -q https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-$arch \
+    && chmod +x hadolint-Linux-$arch \
+    && sudo mv hadolint-Linux-$arch /usr/local/bin/hadolint
+
+
+# Install grype
+RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
+
+# Install dependency-check
+RUN DEPCHECK_VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/current.txt) \
+    && curl -Ls "https://github.com/jeremylong/DependencyCheck/releases/download/v${DEPCHECK_VERSION}/dependency-check-${DEPCHECK_VERSION}-release.zip" \
+    --output dependency-check.zip \
+    && unzip dependency-check.zip \
+    && chmod +x dependency-check/bin/dependency-check.sh \
+    && sudo ln -s /src/dependency-check/bin/dependency-check.sh /usr/local/bin/dependency-check
+
 # Install 2ms
-RUN wget -qO - https://github.com/checkmarx/2ms/releases/latest/download/linux-amd64.zip | \
+RUN wget -qO - https://github.com/checkmarx/2ms/releases/latest/download/linux-$(dpkg --print-architecture).zip | \
     funzip - | sudo tee /usr/local/bin/2ms > /dev/null \
     && sudo chmod +x /usr/local/bin/2ms
 
 # Install clair
 RUN sudo wget -qO /usr/local/bin/clair https://github.com/quay/clair/releases/download/v4.7.4/clairctl-linux-$(dpkg --print-architecture) \
     && sudo chmod +x /usr/local/bin/clair
 
-# Install snyk
-RUN pnpm install -g snyk
-
 # Install Grype
 RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin