From 960218d94d7cda7d349fa35d96f68237063f0c3d Mon Sep 17 00:00:00 2001
From: matta
Date: Tue, 15 Oct 2024 16:52:57 -0300
Subject: [PATCH] Adding new tool Dockle

---
 Dockerfile | 7 +++++++
 HOWTO.md | 26 ++++++++++++++++++++++++++
 README.md | 1 +
 3 files changed, 34 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 4406a92..61cfbc8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -192,6 +192,13 @@ RUN DEPCHECK_VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/curr
 && chmod +x dependency-check/bin/dependency-check.sh \
 && sudo ln -s /src/dependency-check/bin/dependency-check.sh /usr/local/bin/dependency-check
 
+# Install dockle
+RUN VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
+ grep '"tag_name":' | \
+ sed -E 's/.*"v([^"]+)".*/\1/') \
+ && curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb \
+ && sudo dpkg -i dockle.deb && rm dockle.deb
+
 # Install 2ms
 RUN wget -qO - https://github.com/checkmarx/2ms/releases/latest/download/linux-$(dpkg --print-architecture).zip | \
 funzip - | sudo tee /usr/local/bin/2ms > /dev/null \
diff --git a/HOWTO.md b/HOWTO.md
index 079cb5a..96891f9 100644
--- a/HOWTO.md
+++ b/HOWTO.md
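Review bot: The new `# Install dockle` RUN fetches a .deb from the floating `releases/latest` and passes it straight to `sudo dpkg -i` with no checksum or signature check, so every image build installs whatever the GitHub API and release CDN return at that moment and there is no way to audit which binary ended up in the image. Pinning the version in a build ARG and verifying a SHA-256 recorded alongside it, e.g. `echo "<EXPECTED_SHA256>  dockle.deb" | sha256sum -c -` before the dpkg line, would make the step reproducible; the existing DependencyCheck step above has the same shape, so the fix could be applied to both. The version lookup is also fragile: the unauthenticated `api.github.com` call is rate-limited and on a 403 returns JSON with no `tag_name`, leaving `VERSION` empty and the download URL malformed, and since neither curl uses `-f`, the resulting 404 body is written into `dockle.deb` and the error only surfaces as a confusing dpkg failure. Using `curl -fsSL "https://api.github.com/repos/goodwithtech/dockle/releases/latest"` and `curl -fL -o dockle.deb ...` makes the step fail at the actual fault. Lastly `dockle_${VERSION}_Linux-64bit.deb` hard-codes x86_64 while the 2ms step just below selects its asset with `$(dpkg --print-architecture)`, so this Dockerfile would now fail on an arm64 build host; picking the asset name from the same architecture lookup keeps the two steps consistent.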
@@ -45,6 +45,7 @@ nodejsscan, retirejs, installed-check, better-npm-audit, eslint-plugin-security,
 - [ScoutSuite | Multi-cloud security-auditing tool](#scoutsuite--multi-cloud-security-auditing-tool)
 - [Cloudsplaining | AWS IAM assessment tool](#cloudsplaining--aws-iam-assessment-tool)
 - [Hadolint | Scans Dockerfiles for good linting practices](#hadolint--scans-dockerfiles-for-good-linting-practices)
+ - [Dockle | Container image linter for security](#dockle--container-image-linter-for-security)
 - [DependencyCheck | Checks for public vulns on dependencies](#dependencycheck--checks-for-public-vulns-on-dependencies)
 - [nodejsscan | NodeJS application code scanner](#nodejsscan--nodejs-application-code-scanner)
 - [Lavamoat | JS framework to prevent supply-chain attacks](#lavamoat--js-framework-to-prevent-supply-chain-attacks)
@@ -68,6 +69,7 @@ nodejsscan, retirejs, installed-check, better-npm-audit, eslint-plugin-security,
 - [2ms Action | Apply too many secrets to your workflow](#2ms-action--apply-too-many-secrets-to-your-workflow)
 - [GitLeaks Action | Add gitleaks as a github action](#gitleaks-action--add-gitleaks-as-a-github-action)
 - [Trufflehog Action | Continuously scan for secrets](#trufflehog-action--continuously-scan-for-secrets)
+ - [Dockle action | Cointinuously scan for security issues in Docker files](#dockle-action--cointinuously-scan-for-security-issues-in-docker-files)
 - [Online version of some tools](#online-version-of-some-tools)
 
 ## GitXray | Harvest public information from GitHub APIs
@@ -701,6 +703,26 @@ Dockerfile:8 DL3008 warning: Pin versions in apt get install. Instead of `apt-ge
 Dockerfile:8 DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
 ```
 
+## Dockle | Container image linter for security
+
+[GitHub](https://github.com/goodwithtech/dockle) | [Website](https://containers.goodwith.tech/) | [Action](https://github.com/goodwithtech/dockle-action)
+Docker | Linter
+
+1. Build [Best Practice](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/) Docker images
+2. Build secure Docker images
+Checkpoints includes [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)
+
+```bash
+# Scan an image name (and a tag)
+dockle goodwithtech/test-image:v1
+
+# Scan an image file
+docker save alpine:latest -o alpine.tar
+dockle --input alpine.tar
+```
+
+For more examples go to their [docs](https://github.com/goodwithtech/dockle?tab=readme-ov-file#common-examples).
+
 ## DependencyCheck | Checks for public vulns on dependencies
 
 [GitHub](https://github.com/jeremylong/DependencyCheck)
@@ -1082,6 +1104,10 @@ Runs Trivy as GitHub action to scan your Docker container image for vulnerabilit
 
 **Scan | Secrets**
 
+## Dockle action | Cointinuously scan for security issues in Docker files
+
+[Action](https://github.com/marketplace/actions/dockle-container-image-linter)
+
 ## Online version of some tools
 
 [Scan a repo with **KICS**](https://kics.checkmarx.net/) - upt to 4mb
diff --git a/README.md b/README.md
index 4504223..d346c5a 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,7 @@ Examples:
 - [x] scoutsuite: Multi-Cloud Security Auditing Tool. ()
 - [x] Cloudsplaining: AWS IAM assessment tool ()
 - [x] hadolint: Dockerfile linter. ()
+ - [x] dockle: Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start. ()
 - [x] Dependency & lib checkers:
 - [x] DependencyCheck: OWASP dependency-check is a software composition analysis utility that