mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-07-02 03:35:43 +00:00
fixes
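--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,58 @@
+# Scanning Engine - Background Scanner Worker
+FROM alpine:latest
+
+# Install scanning tools and runtime dependencies
+RUN apk add --no-cache \
+ca-certificates \
+tzdata \
+git \
+curl \
+wget \
+bash \
+&& update-ca-certificates
+
+# Install Trivy for container scanning
+RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | \
+wget -O /tmp/trivy.tar.gz https://github.com/aquasecurity/trivy/releases/latest/download/trivy_$(uname -s)_$(uname -m).tar.gz && \
+tar -xzf /tmp/trivy.tar.gz -C /usr/local/bin && \
+rm /tmp/trivy.tar.gz && \
+chmod +x /usr/local/bin/trivy
+
+# Install Grype for vulnerability scanning
+RUN wget -qO - https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+
+# Create non-root user
+RUN addgroup -g 1000 scanner && \
+adduser -D -u 1000 -G scanner scanner
+
+# Create necessary directories
+RUN mkdir -p /data/cache /data/scans && \
+chown -R scanner:scanner /data
+
+# Copy binary
+COPY gohoarder /usr/local/bin/gohoarder
+RUN chmod +x /usr/local/bin/gohoarder
+
+# Copy example config
+COPY config.yaml.example /etc/gohoarder/config.yaml.example
+
+WORKDIR /data
+USER scanner
+
+# Expose metrics port
+EXPOSE 9091
+
+# Health check
+HEALTHCHECK --interval=60s --timeout=30s --start-period=10s --retries=3 \
+CMD ["/usr/local/bin/gohoarder", "version"] || exit 1
+
+# Environment variables for scanner mode
+ENV SCANNER_MODE=true \
+SCANNER_WORKERS=4 \
+SCANNER_INTERVAL=300
+
+# Run the scanner in background mode
+# Note: You may need to add a scanner-specific command to your CLI
+# For now, this assumes the serve command can run in scanner mode
+ENTRYPOINT ["/usr/local/bin/gohoarder"]
+CMD ["serve", "--scanner-only"]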
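Review bot: The Trivy and Grype install steps fetch and run unpinned, unverified code, which is a weak spot for an image whose job is security scanning. In the Trivy `RUN`, the `public.key` download is piped into a second `wget` that never reads stdin, so no signature or checksum is checked, and `releases/latest` (like `alpine:latest` and Grype's `main/install.sh | sh`) makes the result differ from build to build. The asset name built from `uname` also appears not to match Trivy's published, version-stamped file names, so this step may simply fail; confirm against the release page. Pin a version and verify the tarball's SHA-256 before extracting, as sketched below with placeholder values, and apply the same approach to Grype. Separately, `HEALTHCHECK ... CMD [...] || exit 1` is not valid exec form and will be run through the shell, where it likely always fails; drop the `|| exit 1`.

```dockerfile
# Install Trivy for container scanning
# Placeholders: set both to a release you have vetted and its published SHA-256.
ARG TRIVY_VERSION=<pinned-version>
ARG TRIVY_SHA256=<sha256-of-that-tarball>
# Asset name follows Trivy's versioned naming; confirm it for your target architecture.
RUN wget -O /tmp/trivy.tar.gz \
      "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
    echo "${TRIVY_SHA256}  /tmp/trivy.tar.gz" | sha256sum -c - && \
    tar -xzf /tmp/trivy.tar.gz -C /usr/local/bin trivy && \
    rm /tmp/trivy.tar.gz
# … unchanged: Grype install, user creation, COPY steps …
```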