Add new tools: Clair, Snyk, Grype

.github/workflows/test-tools.yml

@@ -4,11 +4,13 @@ on:
   push:
     branches:
       - main
+      - develop
     paths:
       - Dockerfile
   pull_request:
     branches:
       - main
+      - develop
     paths:
       - Dockerfile
 

Dockerfile

@@ -155,13 +155,29 @@ RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --
 RUN wget -qO - https://github.com/trufflesecurity/trufflehog/releases/download/v3.82.6/trufflehog_3.82.6_linux_$(dpkg --print-architecture).tar.gz | \
     sudo tar -xzf - trufflehog -C /usr/local/bin
 
-
 # Install 2ms
-RUN mkdir 2ms \
-    && cd 2ms \
-    && wget https://github.com/checkmarx/2ms/releases/latest/download/linux-amd64.zip \
-    && unzip linux-amd64.zip \
-    && sudo ln -s /src/2ms/2ms /usr/local/bin/2ms
+RUN wget -qO - https://github.com/checkmarx/2ms/releases/latest/download/linux-amd64.zip | \
+    funzip - | sudo tee /usr/local/bin/2ms > /dev/null \
+    && sudo chmod +x /usr/local/bin/2ms
+
+# Install clair
+RUN sudo wget -qO /usr/local/bin/clair https://github.com/quay/clair/releases/download/v4.7.4/clairctl-linux-$(dpkg --print-architecture) \
+    && sudo chmod +x /usr/local/bin/clair
+
+# Install snyk
+RUN ARCH=$(dpkg --print-architecture) \
+    && if [ "$ARCH" = "amd64" ]; then \
+    sudo wget -qO /usr/local/bin/snyk https://github.com/snyk/cli/releases/download/v1.1293.1/snyk-linux; \
+    elif [ "$ARCH" = "arm64" ]; then \
+    sudo wget -qO /usr/local/bin/snyk https://github.com/snyk/cli/releases/download/v1.1293.1/snyk-linux-arm64; \
+    fi \
+    && sudo chmod +x /usr/local/bin/snyk
+
+# Install Grype
+RUN ARCH=$(dpkg --print-architecture) \
+    && wget -q https://github.com/anchore/grype/releases/download/v0.81.0/grype_0.81.0_linux_$ARCH.deb \
+    && sudo dpkg -i grype_0.81.0_linux_$ARCH.deb \
+    && rm grype_0.81.0_linux_$ARCH.deb
 
 # Clean up
 RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*