github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/Dockerfile (about) 1 FROM golang:1.22.0 AS build 2 WORKDIR /go/src/github.com/khulnasoft-lab/kube-bench/ 3 COPY makefile makefile 4 COPY go.mod go.sum ./ 5 COPY main.go . 6 COPY check/ check/ 7 COPY cmd/ cmd/ 8 COPY internal/ internal/ 9 ARG KUBEBENCH_VERSION 10 RUN make build && cp kube-bench /go/bin/kube-bench 11 12 FROM alpine:3.19.1 AS run 13 WORKDIR /opt/kube-bench/ 14 # add GNU ps for -C, -o cmd, and --no-headers support 15 # https://github.com/khulnasoft-lab/kube-bench/issues/109 16 RUN apk --no-cache add procps 17 18 # Upgrading apk-tools to remediate CVE-2021-36159 - https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752 19 # https://github.com/khulnasoft-lab/kube-bench/issues/943 20 RUN apk --no-cache upgrade apk-tools 21 22 # Openssl is used by OpenShift tests 23 # https://github.com/khulnasoft-lab/kube-bench/issues/535 24 # Ensuring that we update/upgrade before installing openssl, to mitigate CVE-2021-3711 and CVE-2021-3712 25 RUN apk update && apk upgrade && apk --no-cache add openssl 26 27 # Add glibc for running oc command 28 RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub 29 RUN apk add gcompat 30 RUN apk add jq 31 32 ENV PATH=$PATH:/usr/local/mount-from-host/bin 33 34 COPY --from=build /go/bin/kube-bench /usr/local/bin/kube-bench 35 COPY entrypoint.sh . 36 COPY cfg/ cfg/ 37 ENTRYPOINT ["./entrypoint.sh"] 38 CMD ["install"] 39 40 # Build-time metadata as defined at http://label-schema.org 41 ARG BUILD_DATE 42 ARG VCS_REF 43 LABEL org.label-schema.build-date=$BUILD_DATE \ 44 org.label-schema.name="kube-bench" \ 45 org.label-schema.description="Run the CIS Kubernetes Benchmark tests" \ 46 org.label-schema.url="https://github.com/khulnasoft-lab/kube-bench" \ 47 org.label-schema.vcs-ref=$VCS_REF \ 48 org.label-schema.vcs-url="https://github.com/khulnasoft-lab/kube-bench" \ 49 org.label-schema.schema-version="1.0"