
Dockerfile support #849

Merged
merged 34 commits into from
Aug 4, 2021

Conversation


@Rchanger Rchanger commented Jun 9, 2021

Adds Docker as an IaC provider.

  • Scan support for Dockerfiles.
  • Support for in-file skip rules and resource prioritizing.

Result of a scan with the Docker policies.

 % ./bin/terrascan scan -d integrations/atlantis -i docker -p /Users/suvarna/Desktop/docker  -o json
{
  "results": {
    "violations": [
      {
        "rule_name": "runWithSudo",
        "description": "Ensure to avoid RUN with sudo command",
        "rule_id": "AC_DOCKER_0007",
        "severity": "HIGH",
        "category": "Infrastructure Security",
        "resource_name": "Dockerfile",
        "resource_type": "docker_run",
        "file": "Dockerfile",
        "line": 5
      }
    ],
    "skipped_violations": null,
    "scan_summary": {
      "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/pkg/iac-providers/docker/v1/testdata/valid-directory/Dockerfile",
      "iac_type": "docker",
      "scanned_at": "2021-07-30 16:52:38.000245 +0000 UTC",
      "policies_validated": 8,
      "violated_policies": 1,
      "low": 0,
      "medium": 0,
      "high": 1
    }
  }
}
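
As an added illustration, not code from this PR or from terrascan, here is a stdlib-only sketch of the two things the thread asks about: a Dockerfile loader that records the line number and build stage of each instruction (so a multi-stage file is represented, as devang-gaur's review requests) and a check reproducing the runWithSudo finding from the scan output above. The sample Dockerfile is constructed, and the type, function names and exec-form handling are assumptions of this example.

```go
package main

import "strings"

// Instruction is one parsed Dockerfile instruction with the location a scanner reports.
type Instruction struct {
	Cmd, Value  string // upper-cased keyword and its joined arguments
	Line, Stage int    // 1-based start line; 0-based index of the enclosing FROM
}

// SampleDockerfile is a constructed two-stage build, not a file from the PR.
const SampleDockerfile = `FROM golang:1.16 AS build
RUN go build \
    -o /out/app ./...
FROM alpine:3.14
RUN ["sudo", "apk", "add", "ca-certificates"]`

// ParseDockerfile drops blank/comment lines, joins "\" continuations and opens a new stage at every FROM.
func ParseDockerfile(src string) (out []Instruction) {
	stage, open := -1, false // open: previous line ended with a continuation
	for i, line := range strings.Split(src, "\n") {
		raw := strings.TrimSpace(line)
		if raw == "" || strings.HasPrefix(raw, "#") {
			continue // comment lines are legal even inside a continuation
		}
		text := strings.TrimSpace(strings.TrimSuffix(raw, "\\"))
		if open {
			out[len(out)-1].Value += " " + text
		} else {
			parts := strings.SplitN(text, " ", 2)
			if strings.ToUpper(parts[0]) == "FROM" {
				stage++
			}
			out = append(out, Instruction{Cmd: strings.ToUpper(parts[0]), Line: i + 1,
				Stage: stage, Value: strings.TrimSpace(strings.Join(parts[1:], ""))})
		}
		open = strings.HasSuffix(raw, "\\")
	}
	return out
}

// RunUsesSudo mirrors the runWithSudo finding (AC_DOCKER_0007): a RUN that invokes sudo in shell or exec form.
func RunUsesSudo(in Instruction) bool {
	for _, tok := range strings.Fields(in.Value) {
		if in.Cmd == "RUN" && strings.Trim(tok, `[]",`) == "sudo" {
			return true
		}
	}
	return false
}
```

Running ParseDockerfile over SampleDockerfile yields four instructions, with the second FROM opening stage 1 and the exec-form RUN on line 5 reported, matching the file/line shape of the JSON above.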

@codecov

codecov bot commented Jun 9, 2021

Codecov Report

Merging #849 (32f6894) into master (aaacce2) will increase coverage by 0.28%.
The diff coverage is 96.59%.


@@            Coverage Diff             @@
##           master     #849      +/-   ##
==========================================
+ Coverage   78.81%   79.10%   +0.28%     
==========================================
  Files         216      220       +4     
  Lines        5272     5359      +87     
==========================================
+ Hits         4155     4239      +84     
- Misses        864      866       +2     
- Partials      253      254       +1     
Impacted Files Coverage Δ
pkg/utils/skip_rules.go 93.33% <ø> (ø)
pkg/iac-providers/docker/v1/load-file.go 92.85% <92.85%> (ø)
pkg/iac-providers/docker.go 100.00% <100.00%> (ø)
pkg/iac-providers/docker/v1/load-dir.go 100.00% <100.00%> (ø)
pkg/iac-providers/docker/v1/parser.go 100.00% <100.00%> (ø)
pkg/runtime/executor.go 88.42% <100.00%> (ø)

@Rchanger Rchanger linked an issue Jun 9, 2021 that may be closed by this pull request
@Rchanger Rchanger marked this pull request as draft June 16, 2021 08:35
@Rchanger Rchanger marked this pull request as ready for review June 18, 2021 12:34

@devang-gaur devang-gaur left a comment


Please add a test file demonstrating a scan of a Dockerfile that includes a multi-stage build

https://docs.docker.com/develop/develop-images/multistage-build/

Review thread on pkg/iac-providers/docker/v1/load-dir.go (outdated, resolved)
Review thread on pkg/iac-providers/docker/v1/load-dir.go (resolved)
@Rchanger Rchanger force-pushed the sr_798_dockerfile_support branch from 9417c83 to a82f352 June 24, 2021 06:11
@amirbenv amirbenv changed the title Dockerfile support Dockerfile support - IaC provider - wait for policies Jun 30, 2021
@Rchanger Rchanger force-pushed the sr_798_dockerfile_support branch from a82f352 to 9b8e5a6 June 30, 2021 17:00

@kanchwala-yusuf kanchwala-yusuf left a comment


It is a request to be generous with comments. Ideally, a new contributor should be able to understand the code only from the comments.

Review thread on pkg/iac-providers/docker/v1/load-file.go (outdated, resolved)
Review thread on pkg/iac-providers/docker/v1/parser.go (outdated, resolved)
kanchwala-yusuf previously approved these changes Jul 1, 2021
@Rchanger Rchanger force-pushed the sr_798_dockerfile_support branch from e87a1ce to 8f7d7d5 July 1, 2021 17:08
@Rchanger Rchanger requested a review from devang-gaur July 12, 2021 04:37
@Rchanger Rchanger force-pushed the sr_798_dockerfile_support branch from 8f7d7d5 to ac64ef9 July 15, 2021 06:10
@Rchanger Rchanger force-pushed the sr_798_dockerfile_support branch from 488eeed to 840cff4 July 29, 2021 08:09
@Rchanger Rchanger changed the title Dockerfile support - IaC provider - wait for policies Dockerfile support Jul 29, 2021
@Rchanger Rchanger requested a review from cesar-rodriguez July 29, 2021 11:29

@cesar-rodriguez cesar-rodriguez left a comment


Can we add a warning for when you specify the -i docker flag and no Dockerfiles were found?


Rchanger commented Aug 2, 2021

Can we add a warning for when you specify the -i docker flag and no Dockerfiles were found?

Yes, added the changes for the warning.

cesar-rodriguez previously approved these changes Aug 2, 2021

Rchanger commented Aug 3, 2021

Please add a test file demonstrating a scan of a Dockerfile that includes a multi-stage build

https://docs.docker.com/develop/develop-images/multistage-build/

This test case has been pushed; you can review it.
Thanks

@sonarqubecloud

sonarqubecloud bot commented Aug 3, 2021

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No coverage information
0.0% duplication

Successfully merging this pull request may close these issues.

Dockerfile Support
6 participants