move tooling inside a single, centralized container

.github/workflows/test-tools.yml

@@ -1,4 +1,4 @@
-name: Test Container Sec Tools
+name: Test Security Tools container build
 
 on:
   push:
@@ -16,9 +16,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Build and test all tools
+      - name: Build and test container
         run: |
-          for tool in $(make list | tail -n +2); do
-            echo "Testing tool: $tool"
-            make test $tool
-          done
+          make test

Dockerfile

@@ -0,0 +1,15 @@
+# Already Dockerized tools
+FROM aquasec/trivy:latest AS trivy
+FROM ghcr.io/trufflesecurity/trufflehog:latest AS trufflehog
+
+FROM debian:bookworm-slim AS final
+
+# Install tools from their Docker images
+COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
+RUN echo "trivy" >> /tools.txt
+
+COPY --from=trufflehog /usr/bin/trufflehog /usr/bin/trufflehog
+RUN echo "trufflehog" >> /tools.txt
+
+WORKDIR /workdir
+CMD ["/bin/bash"]

Makefile

@@ -1,87 +1,82 @@
-.DEFAULT_GOAL := help
+.PHONY: build clean exec run test help list
 
-TOOLS := trivy trufflehog
+IMAGE_NAME := security-tools
+.DEFAULT_GOAL := list
 
-.PHONY: help build-all build run list clean test
+ifneq (,$(filter run,$(firstword $(MAKECMDGOALS))))
+  ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  $(eval $(ARGS):;@:)
+endif
 
 help:
 	@echo "Usage:"
-	@echo "  make <target> [tool] [args...]"
+	@echo "  make <target>"
 	@echo ""
 	@echo "Targets:"
-	@echo "  build-all                Build Docker images for all tools"
-	@echo "  build <tool>             Build Docker image for a specific tool (e.g., make build trivy)"
-	@echo "  run <tool> -- [args...]  Run a specific tool (e.g., make run trufflehog -- git ssh://github.com/reynico/container-sec-tools --only-verified)"
-	@echo "  list                     List all available tools"
-	@echo "  clean                    Remove all Docker images"
-	@echo "  test <tool>              Test a specific tool to check if it runs without errors"
+	@echo "  build    Build the Docker image"
+	@echo "  exec     Run an interactive shell inside the container"
+	@echo "  test     Run tests to verify the Docker image and tools"
+	@echo "  list     List the installed tools"
+	@echo "  clean    Remove the Docker image"
 	@echo ""
-	@echo "Available tools:"
-	@echo "  $(TOOLS)"
+	@echo "Optional target with parameters:"
+	@echo "  run      Run a command inside the Docker container"
+	@echo ""
+	@echo "Examples:"
+	@echo "  make"
+	@echo "  make build"
+	@echo "  make exec"
+	@echo "  make test"
+	@echo "  make clean"
+	@echo "  make run trivy image python:3.4-alpine"
 	@echo ""
-
-build-all:
-	@for tool in $(TOOLS); do \
-		echo "Building Docker image for $$tool"; \
-		docker build -t $$tool -f $$tool.Dockerfile .; \
-	done
 
 build:
-	@tool="$(word 2,$(MAKECMDGOALS))"; \
-	if [ -z "$$tool" ]; then \
-		echo "Please specify a tool. Available tools: $(TOOLS)"; \
-		exit 1; \
-	fi; \
-	if echo "$(TOOLS)" | grep -wq "$$tool"; then \
-		echo "Building Docker image for $$tool"; \
-		docker build -t $$tool -f $$tool.Dockerfile .; \
-	else \
-		echo "Tool $$tool not found. Available tools: $(TOOLS)"; \
-		exit 1; \
+	@if ! docker images $(IMAGE_NAME) | awk '{ print $$1 }' | grep -q "^$(IMAGE_NAME)$$"; then \
+		echo "Docker image $(IMAGE_NAME) not found. Building now..."; \
+		docker build -t $(IMAGE_NAME) .; \
 	fi
-	@exit 0
-
-run:
-	@ARGS="$(filter-out $@,$(MAKECMDGOALS))"; \
-	export TOOLS="$(TOOLS)"; \
-	./run_tool.sh $$ARGS
-	@exit 0
 
-list:
-	@echo "Available tools:"
-	@echo "  $(TOOLS)"
+exec: build
+	@echo "Running interactive shell inside the $(IMAGE_NAME) container..."
+	@docker run --rm -it -v $(PWD):/workdir $(IMAGE_NAME) /bin/bash
 
 clean:
-	@echo "Removing Docker images..."
-	@for tool in $(TOOLS); do \
-		echo "Removing $$tool image..."; \
-		docker rmi $$tool || true; \
-	done
-	@echo "All images removed."
+	@echo "Removing Docker image: $(IMAGE_NAME)"
+	-@docker rmi $(IMAGE_NAME)
 
-test:
-	@tool="$(word 2,$(MAKECMDGOALS))"; \
-	if [ -z "$$tool" ]; then \
-		echo "Please specify a tool to test. Available tools: $(TOOLS)"; \
-		exit 1; \
-	fi; \
-	if echo "$(TOOLS)" | grep -wq "$$tool"; then \
-		echo "Testing Docker image for $$tool"; \
-		make build $$tool; \
-		echo "Running $$tool to ensure it executes without errors..."; \
-		docker run --rm $$tool; \
-		if [ $$? -eq 0 ]; then \
-			echo "Test for $$tool passed!"; \
+run: build
+	@echo "Running command inside the $(IMAGE_NAME) container..."
+	@docker run --rm -it -v $(PWD):/workdir $(IMAGE_NAME) $(ARGS)
+
+test: build
+	@echo "Running tests to verify the $(IMAGE_NAME) image and tools..."
+	@docker run --rm -v $(PWD):/workdir $(IMAGE_NAME) /bin/bash -c "\
+		echo 'Testing installed tools...'; \
+		if [ -f /tools.txt ]; then \
+			for tool in \$$(cat /tools.txt); do \
+				echo 'Testing' \$$tool '...'; \
+				\$$tool --version || echo '\$tool failed'; \
+				echo ''; \
+			done; \
+			echo 'All tests completed successfully.'; \
 		else \
-			echo "Test for $$tool failed!"; \
+			echo 'No tools found to test.'; \
 			exit 1; \
-		fi; \
-	else \
-		echo "Tool $$tool not found. Available tools: $(TOOLS)"; \
+		fi \
+	"
+
+list: build help
+	@if ! docker images $(IMAGE_NAME) | awk '{ print $$1 }' | grep -q "^$(IMAGE_NAME)$$"; then \
+		echo "Docker image '$(IMAGE_NAME)' not found. Please run 'make build' first."; \
 		exit 1; \
 	fi
-	@exit 0
-
-# Prevent make from interpreting additional arguments as targets
-%:
-	@:
+	@docker run --rm $(IMAGE_NAME) /bin/bash -c "\
+		if [ -f /tools.txt ]; then \
+			echo ''; \
+			echo 'Installed Tools:'; \
+			cat /tools.txt; \
+		else \
+			echo 'No tools found.'; \
+		fi \
+	"

README.md

@@ -1,20 +1,33 @@
 # container-sec-tools
-Container/s with OSS security tools
+Unified container with OSS security tools, just `make exec` and dive into the container!
 
 ## Usage
 
 ```bash
 % make
 Usage:
-  make <target> [tool] [args...]
+  make <target>
 
 Targets:
-  build-all                Build Docker images for all tools
-  build <tool>             Build Docker image for a specific tool (e.g., make build trivy)
-  run <tool> -- [args...]  Run a specific tool (e.g., make run trufflehog -- git ssh://github.com/reynico/container-sec-tools --only-verified)
-  list                     List all available tools
-  clean                    Remove all Docker images
+  build    Build the Docker image
+  exec     Run an interactive shell inside the container
+  test     Run tests to verify the Docker image and tools
+  list     List the installed tools
+  clean    Remove the Docker image
 
-Available tools:
-  trivy trufflehog
+Optional target with parameters:
+  run      Run a command inside the Docker container
+
+Examples:
+  make
+  make build
+  make exec
+  make test
+  make clean
+  make run trivy image python:3.4-alpine
+
+
+Installed Tools:
+trivy
+trufflehog
 ```