diff --git a/.github/workflows/test-tools.yml b/.github/workflows/test-tools.yml
index 8814814..90d5b83 100644
--- a/.github/workflows/test-tools.yml
+++ b/.github/workflows/test-tools.yml
@@ -1,4 +1,4 @@
-name: Test Container Sec Tools
+name: Test Security Tools container build
 
 on:
 push:
@@ -16,9 +16,6 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 
- - name: Build and test all tools
+ - name: Build and test container
 run: |
- for tool in $(make list | tail -n +2); do
- echo "Testing tool: $tool"
- make test $tool
- done
+ make test
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3cb50f4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,15 @@
+# Already Dockerized tools
+FROM aquasec/trivy:latest AS trivy
+FROM ghcr.io/trufflesecurity/trufflehog:latest AS trufflehog
+
+FROM debian:bookworm-slim AS final
+
+# Install tools from their Docker images
+COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
+RUN echo "trivy" >> /tools.txt
+
+COPY --from=trufflehog /usr/bin/trufflehog /usr/bin/trufflehog
+RUN echo "trufflehog" >> /tools.txt
+
+WORKDIR /workdir
+CMD ["/bin/bash"]
diff --git a/Makefile b/Makefile
index 7ac4baa..a408f1a 100644
--- a/Makefile
+++ b/Makefile
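Review bot: The final image is assembled from three unpinned references (`aquasec/trivy:latest`, `ghcr.io/trufflesecurity/trufflehog:latest`, `debian:bookworm-slim`), so what `make build` produces depends on where those tags point on the day, and a moved or compromised upstream tag gets baked into a security-tooling image with nothing to notice it; pin each `FROM` by tag plus `@sha256:` digest (or expose them as `ARG`s with pinned defaults) and bump deliberately. Copying only the two binaries also drops the runtime pieces the upstream images carry: as far as I know `debian:bookworm-slim` ships no CA bundle, so trivy's HTTPS DB download and trufflehog's verification calls will most likely fail on certificate validation, and trufflehog's git source needs a `git` binary that slim does not have either — nothing in the hunk installs them. The stage also ends as root with no `USER`, which matters because the Makefile bind-mounts the caller's working directory into `/workdir`; at minimum add a comment explaining why root is kept, or create a dedicated user. A minimal version of the dependency fix:
```dockerfile
# syntax=docker/dockerfile:1
# Pin every base by tag and digest (e.g. FROM aquasec/trivy:<tag>@sha256:<digest> AS trivy)
# and bump deliberately instead of tracking :latest.
# … unchanged: FROM lines for trivy and trufflehog …

FROM debian:bookworm-slim AS final

# The copied binaries need what the upstream images already carried:
# a CA bundle for HTTPS (trivy DB download, trufflehog verification) and git for trufflehog's git source.
RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      git \
    && rm -rf /var/lib/apt/lists/*

# … unchanged: COPY --from and /tools.txt lines, WORKDIR, CMD …
```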
@@ -1,87 +1,82 @@ -.DEFAULT_GOAL := help +.PHONY: build clean exec run test help list -TOOLS := trivy trufflehog +IMAGE_NAME := security-tools +.DEFAULT_GOAL := list -.PHONY: help build-all build run list clean test +ifneq (,$(filter run,$(firstword $(MAKECMDGOALS)))) + ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS)) + $(eval $(ARGS):;@:) +endif help: @echo "Usage:" - @echo " make [tool] [args...]" + @echo " make " @echo "" @echo "Targets:" - @echo " build-all Build Docker images for all tools" - @echo " build Build Docker image for a specific tool (e.g., make build trivy)" - @echo " run -- [args...] Run a specific tool (e.g., make run trufflehog -- git ssh://github.com/reynico/container-sec-tools --only-verified)" - @echo " list List all available tools" - @echo " clean Remove all Docker images" - @echo " test Test a specific tool to check if it runs without errors" + @echo " build Build the Docker image" + @echo " exec Run an interactive shell inside the container" + @echo " test Run tests to verify the Docker image and tools" + @echo " list List the installed tools" + @echo " clean Remove the Docker image" @echo "" - @echo "Available tools:" - @echo " $(TOOLS)" + @echo "Optional target with parameters:" + @echo " run Run a command inside the Docker container" + @echo "" + @echo "Examples:" + @echo " make" + @echo " make build" + @echo " make exec" + @echo " make test" + @echo " make clean" + @echo " make run trivy image python:3.4-alpine" @echo "" - -build-all: - @for tool in $(TOOLS); do \ - echo "Building Docker image for $$tool"; \ - docker build -t $$tool -f $$tool.Dockerfile .; \ - done build: - @tool="$(word 2,$(MAKECMDGOALS))"; \ - if [ -z "$$tool" ]; then \ - echo "Please specify a tool. Available tools: $(TOOLS)"; \ - exit 1; \ - fi; \ - if echo "$(TOOLS)" | grep -wq "$$tool"; then \ - echo "Building Docker image for $$tool"; \ - docker build -t $$tool -f $$tool.Dockerfile .; \ - else \ - echo "Tool $$tool not found. 
Available tools: $(TOOLS)"; \ - exit 1; \ + @if ! docker images $(IMAGE_NAME) | awk '{ print $$1 }' | grep -q "^$(IMAGE_NAME)$$"; then \ + echo "Docker image $(IMAGE_NAME) not found. Building now..."; \ + docker build -t $(IMAGE_NAME) .; \ fi - @exit 0 - -run: - @ARGS="$(filter-out $@,$(MAKECMDGOALS))"; \ - export TOOLS="$(TOOLS)"; \ - ./run_tool.sh $$ARGS - @exit 0 -list: - @echo "Available tools:" - @echo " $(TOOLS)" +exec: build + @echo "Running interactive shell inside the $(IMAGE_NAME) container..." + @docker run --rm -it -v $(PWD):/workdir $(IMAGE_NAME) /bin/bash clean: - @echo "Removing Docker images..." - @for tool in $(TOOLS); do \ - echo "Removing $$tool image..."; \ - docker rmi $$tool || true; \ - done - @echo "All images removed." + @echo "Removing Docker image: $(IMAGE_NAME)" + -@docker rmi $(IMAGE_NAME) -test: - @tool="$(word 2,$(MAKECMDGOALS))"; \ - if [ -z "$$tool" ]; then \ - echo "Please specify a tool to test. Available tools: $(TOOLS)"; \ - exit 1; \ - fi; \ - if echo "$(TOOLS)" | grep -wq "$$tool"; then \ - echo "Testing Docker image for $$tool"; \ - make build $$tool; \ - echo "Running $$tool to ensure it executes without errors..."; \ - docker run --rm $$tool; \ - if [ $$? -eq 0 ]; then \ - echo "Test for $$tool passed!"; \ +run: build + @echo "Running command inside the $(IMAGE_NAME) container..." + @docker run --rm -it -v $(PWD):/workdir $(IMAGE_NAME) $(ARGS) + +test: build + @echo "Running tests to verify the $(IMAGE_NAME) image and tools..." + @docker run --rm -v $(PWD):/workdir $(IMAGE_NAME) /bin/bash -c "\ + echo 'Testing installed tools...'; \ + if [ -f /tools.txt ]; then \ + for tool in \$$(cat /tools.txt); do \ + echo 'Testing' \$$tool '...'; \ + \$$tool --version || echo '\$tool failed'; \ + echo ''; \ + done; \ + echo 'All tests completed successfully.'; \ else \ - echo "Test for $$tool failed!"; \ + echo 'No tools found to test.'; \ exit 1; \ - fi; \ - else \ - echo "Tool $$tool not found. 
Available tools: $(TOOLS)"; \ + fi \ + " + +list: build help + @if ! docker images $(IMAGE_NAME) | awk '{ print $$1 }' | grep -q "^$(IMAGE_NAME)$$"; then \ + echo "Docker image '$(IMAGE_NAME)' not found. Please run 'make build' first."; \ exit 1; \ fi - @exit 0 - -# Prevent make from interpreting additional arguments as targets -%: - @: + @docker run --rm $(IMAGE_NAME) /bin/bash -c "\ + if [ -f /tools.txt ]; then \ + echo ''; \ + echo 'Installed Tools:'; \ + cat /tools.txt; \ + else \ + echo 'No tools found.'; \ + fi \ + " diff --git a/README.md b/README.md index 685d4ff..3194d3a 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,33 @@ # container-sec-tools -Container/s with OSS security tools +Unified container with OSS security tools, just `make exec` and dive into the container! ## Usage ```bash % make Usage: - make [tool] [args...] + make Targets: - build-all Build Docker images for all tools - build Build Docker image for a specific tool (e.g., make build trivy) - run -- [args...] Run a specific tool (e.g., make run trufflehog -- git ssh://github.com/reynico/container-sec-tools --only-verified) - list List all available tools - clean Remove all Docker images + build Build the Docker image + exec Run an interactive shell inside the container + test Run tests to verify the Docker image and tools + list List the installed tools + clean Remove the Docker image -Available tools: - trivy trufflehog +Optional target with parameters: + run Run a command inside the Docker container + +Examples: + make + make build + make exec + make test + make clean + make run trivy image python:3.4-alpine + + +Installed Tools: +trivy +trufflehog ``` \ No newline at end of file diff --git a/run_tool.sh b/run_tool.sh deleted file mode 100755 index c871c05..0000000 --- a/run_tool.sh +++ /dev/null 
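Review bot: The new `test` target cannot fail on a broken tool: `\$$tool --version || echo '\$tool failed'` swallows the non-zero exit, the loop then prints 'All tests completed successfully', and `make test` (which the CI workflow in this same commit now relies on for its pass/fail signal) returns 0 regardless. The fallback message is also garbled, because the single `$` in `'\$tool failed'` is expanded by make as the variable `$t` before the shell ever sees it. I would make the failure escape the inner shell so `docker run`, and therefore make, exits non-zero: `\$$tool --version || { echo \$$tool failed; exit 1; }; \`. Separately, `build` only runs `docker build` when no image named `$(IMAGE_NAME)` exists, so Dockerfile changes are never picked up until `make clean`; a comment stating that, or an unconditional build in `test`, would save someone a confusing green run on a stale image.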
@@ -1,27 +0,0 @@
-#!/bin/bash
-set -e
-
-if [ "$#" -lt 1 ]; then
- echo "Usage: $0 [args...]"
- exit 1
-fi
-
-TOOL="$1"
-shift
-
-if [ -z "$TOOLS" ]; then
- echo "Error: TOOLS variable is not set."
- exit 1
-fi
-
-if ! echo "$TOOLS" | grep -wq "$TOOL"; then
- echo "Tool '$TOOL' not found. Available tools: $TOOLS"
- exit 1
-fi
-
-if ! docker image inspect "$TOOL" > /dev/null 2>&1; then
- echo "Building Docker image for $TOOL"
- docker build -t "$TOOL" -f "$TOOL.Dockerfile" .
-fi
-
-docker run --rm -it "$TOOL" "$@"
diff --git a/trivy.Dockerfile b/trivy.Dockerfile
deleted file mode 100644
index 1e3b877..0000000
--- a/trivy.Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM aquasec/trivy:latest
-
-ENTRYPOINT ["trivy"]
diff --git a/trufflehog.Dockerfile b/trufflehog.Dockerfile
deleted file mode 100644
index 9518a6e..0000000
--- a/trufflehog.Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM trufflesecurity/trufflehog:latest
-
-ENTRYPOINT ["/etc/entrypoint.sh"]