Commit c5812a4

add new target to scan docker image
1 parent 1d0ee19 commit c5812a4

2 files changed

Lines changed: 8 additions & 0 deletions

README.md

Lines changed: 1 addition & 0 deletions
@@ -186,6 +186,7 @@ Check targets (`check.mk`)
186186
- `grype-scan-json` - Uses grype to scan for vulnerabilities. Uses an sbom generated by `syft-generate-sbom` target to find dependencies. Outputs file to .sbom/grype_analysis.json
187187
- `grype-scan-json-dev-dependencies` - Uses grype to scan for vulnerabilities. Uses an sbom generated by `syft-generate-sbom-dev-dependencies` target to find dependencies. Outputs file to .sbom/grype_analysis.dev.json
188188
- `grype-scan-local` - Uses grype to scan local folders for vulnerabilities. This is installed as a pre-commit hook in each project.
189+
- `grype-scan-docker-image` - Uses grype to scan a docker image for vulnerabilities. This image to scan must be set in the environment variable DOCKER_IMAGE
189190
- `grant-scan` - Uses grant to scan for possible incompatible licenses. Uses an sbom generated by `syft-generate-sbom` target to find dependencies.
190191
- `grant-scan-dev-dependencies` - Uses grant to scan for possible incompatible licenses. Uses an sbom generated by `syft-generate-sbom-dev-dependencies` target to find dependencies.
191192
- `grant-scan-json` - Uses grant to scan for possible incompatible licenses. Uses an sbom generated by `syft-generate-sbom` target to find dependencies. Outputs file to .sbom/grant_analysis.json
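Review bot: the new `grype-scan-docker-image` README entry has a wording slip and under-documents the target: "This image to scan must be set" should read "The image to scan must be set", and, unlike the neighbouring entries, it does not say that the target scans all layers or that it fails on high-severity findings (both are set in the check.mk recipe in this same commit), so a reader cannot tell from the README that a high finding is a hard failure. Suggest: `- \`grype-scan-docker-image\` - Uses grype to scan a docker image (all layers) for vulnerabilities and fails on findings of severity high or above. The image to scan must be set in the environment variable DOCKER_IMAGE`.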

src/base/.devcontainer/Mk/check.mk

Lines changed: 7 additions & 0 deletions
@@ -132,6 +132,13 @@ grype-scan-local:
132132
grype \
133133
--fail-on high \
134134
.
135+
136+
grype-scan-docker-image: guard-DOCKER_IMAGE
137+
grype "${DOCKER_IMAGE}" \
138+
--scope all-layers \
139+
--sort-by severity \
140+
--fail-on high
141+
135142
grant-scan: syft-generate-sbom
136143
grant check \
137144
.sbom/sbom.cdx.json
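Review bot: `--scope all-layers` in the `grype-scan-docker-image` recipe makes grype report packages found in every layer, including ones removed or upgraded in a later layer, so the target can fail on a CVE that is not present in the final image; if that is the intent it should be stated in the README entry, otherwise drop the flag and let grype use its default squashed scope, which matches what actually ships. Also, the `guard-DOCKER_IMAGE` prerequisite relies on a `guard-%` pattern rule that is not part of this hunk; confirm it is defined in check.mk (or an included makefile) so the target fails with a clear message when DOCKER_IMAGE is unset instead of running `grype ""`.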
