Services: Admin-Compliance, Backend-Compliance, AI-Compliance-SDK, Consent-SDK, Developer-Portal, PCA-Platform, DSMS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Build stage: compiles the scanner into a single binary named security-scanner.
# Nothing from this stage reaches the final image except what the runtime
# stage copies out with COPY --from=builder.
FROM golang:1.22-alpine AS builder

WORKDIR /app

# git is installed before dependency resolution (presumably for modules that
# are fetched straight from version control - confirm it is still required).
RUN apk add --no-cache git

# Module manifests are copied on their own so the download layer stays cached
# until they change; the glob lets the build proceed when go.sum is absent.
COPY go.mod go.sum* ./
RUN go mod download

# NOTE(review): this copies the whole build context into the layer. A
# .dockerignore (not visible here) should keep .git, .env files and other
# credentials out of the context and out of the build cache.
COPY . .

# CGO is disabled, so the binary does not link against the builder's libc.
RUN CGO_ENABLED=0 GOOS=linux \
    go build -a -installsuffix cgo -o security-scanner .
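# Runtime stage with security tools
FROM alpine:3.19

# Optional supply-chain pins. All default to empty, which keeps the previous
# behaviour (no checksum check, newest release of each tool). Set them from CI
# so that every rebuild installs the same, verified artifacts:
#   GITLEAKS_SHA256  sha256 of the gitleaks tarball downloaded below
#   *_VERSION        release tag handed to the matching upstream installer
ARG GITLEAKS_SHA256=""
ARG TRIVY_VERSION=""
ARG GRYPE_VERSION=""
ARG SYFT_VERSION=""

WORKDIR /app

# Install security tools.
# pipefail matters here: without it a failed curl feeding `sh` or `tar` is
# masked by the right-hand side of the pipe and the image is built without
# the tool (or from a truncated download) while the build still succeeds.
RUN set -o pipefail && \
    apk --no-cache add ca-certificates curl git python3 py3-pip nodejs npm && \
    # Install gitleaks: download to a file so the archive can be verified
    # before anything is unpacked into a directory on PATH.
    curl -sSfL -o /tmp/gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.18.0/gitleaks_8.18.0_linux_x64.tar.gz && \
    if [ -n "${GITLEAKS_SHA256:-}" ]; then \
        echo "${GITLEAKS_SHA256}  /tmp/gitleaks.tar.gz" | sha256sum -c -; \
    fi && \
    # Extract only the binary; the other archive members do not belong in
    # /usr/local/bin.
    tar xzf /tmp/gitleaks.tar.gz -C /usr/local/bin gitleaks && \
    rm -f /tmp/gitleaks.tar.gz && \
    # NOTE(review): the three installers below are fetched from the mutable
    # `main` branch and executed as root without verification. Passing a
    # release tag pins the tool version but not the installer script itself;
    # vendoring the scripts or installing from checksummed release archives
    # would close that gap.
    # The version variables are deliberately unquoted so that an empty value
    # adds no argument at all.
    # Install trivy
    curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION:-} && \
    # Install grype
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin ${GRYPE_VERSION:-} && \
    # Install syft
    curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin ${SYFT_VERSION:-} && \
    # Install semgrep and bandit
    # NOTE(review): both packages are unpinned; a requirements file with
    # pinned versions and hashes would make this step reproducible.
    pip3 install --no-cache-dir --break-system-packages semgrep bandit && \
    # Cleanup
    rm -rf /var/cache/apk/*

# Copied without --chown, so the binary stays root-owned and the unprivileged
# runtime user below cannot replace it.
COPY --from=builder /app/security-scanner .

# Drop root before the service starts; every RUN step that needs root is above.
RUN adduser -D -g '' appuser
USER appuser

EXPOSE 8083

# Uses the wget applet shipped with the base image, so no extra package is
# needed for the probe.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8083/health || exit 1

CMD ["./security-scanner"]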