Added tool 2ms and zsh prompt coloring #8

Merged 2 commits, Oct 3, 2024
79 changes: 58 additions & 21 deletions Dockerfile
Expand Up @@ -29,9 +29,9 @@ RUN apt-get update && apt-get install -y \
zsh \
pipx \
sudo \
# # Does this make sense with asdf installing nodejs?
npm \
make \
vim \
unzip \
&& rm -rf /var/lib/apt/lists/*

# Create a user group named trg and a user named wanderer with specified UID and GID
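
Review bot: the `apt-get install -y` on this hunk's header line has no `--no-install-recommends`, so every package in the list, `vim` and `unzip` included, also pulls in its recommended packages and widens what ships in a security-tooling image. Adding the flag is a one-word change. The `# # Does this make sense with asdf installing nodejs?` question is better resolved in the PR than left in the file: if the `npm` entry stays in the list, the image carries a distro npm next to the asdf-managed Node.js, and which one runs then depends on PATH order.
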
Expand All @@ -47,35 +47,46 @@ RUN usermod -aG sudo $USERNAME
# Switch to the new user
USER $USERNAME

# Explicitly setting user home
ENV HOME="/home/wanderer"

# Set the default shell to zsh
ENV SHELL=/usr/bin/zsh

# Running everything under zsh
SHELL ["/usr/bin/zsh", "-c"]

RUN git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.14.1 \
&& echo '. $HOME/.asdf/asdf.sh' >> $HOME/.zshrc \
# Set the prompt
RUN echo "autoload -U colors && colors" >> $HOME/.zshrc
RUN echo 'export "PS1=%F{green}%n@%m %F{blue}%1~ %F{yellow}➜ %f "' >> $HOME/.zshrc

# Building everything inside /src
WORKDIR /src

ENV ASDF_DIR="$HOME/.asdf"
RUN git clone https://github.com/asdf-vm/asdf.git $ASDF_DIR --branch v0.14.1
RUN echo '. $ASDF_DIR/asdf.sh' >> $HOME/.zshrc \
&& echo 'fpath=(${ASDF_DIR}/completions $fpath)' >> $HOME/.zshrc \
&& echo 'autoload -Uz compinit && compinit' >> $HOME/.zshrc \
&& . $HOME/.asdf/asdf.sh
&& . $ASDF_DIR/asdf.sh

ENV PATH="${ASDF_DIR}/bin:${ASDF_DIR}/shims:$PATH"

# Install Node.js and Go using asdf
RUN . $HOME/.asdf/asdf.sh \
RUN . $ASDF_DIR/asdf.sh \
&& asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git \
&& asdf install nodejs latest \
&& asdf global nodejs latest \
&& sudo npm install -g pnpm
&& asdf global nodejs latest

RUN . $HOME/.asdf/asdf.sh \
RUN . $ASDF_DIR/asdf.sh \
&& asdf plugin add golang https://github.com/asdf-community/asdf-golang.git \
&& asdf install golang latest \
&& asdf global golang latest

# # Install pnpm using npm installed via asdf Node.js
# RUN sudo npm install -g pnpm

RUN npm install -g pnpm
ENV PNPM_HOME="/home/${USERNAME}/.local/share/pnpm"
ENV PATH="$PNPM_HOME:$PNPM_HOME/global/node_modules/.bin:${PATH}"
ENV PATH="${PNPM_HOME}:${PNPM_HOME}/global/node_modules/.bin:${PATH}"

# Install ESLint and plugins using pnpm
RUN pnpm install -g eslint \
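
Review bot: `asdf install nodejs latest` and `asdf install golang latest` make the toolchain versions depend on the build date, and both `asdf plugin add` URLs are fetched with no ref, while asdf itself is pinned to `v0.14.1`. Pin explicit Node.js and Go versions, and a plugin ref, so a rebuild produces the same image and an upstream change cannot silently alter it. Separately, the trailing `&& . $ASDF_DIR/asdf.sh` in the `.zshrc` RUN only affects that layer's shell; the `ENV PATH="${ASDF_DIR}/bin:${ASDF_DIR}/shims:$PATH"` line is what carries over, so the source can be dropped. `ENV HOME="/home/wanderer"` also hardcodes the name that `PNPM_HOME` builds from `${USERNAME}`.
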
Expand All @@ -91,32 +102,50 @@ RUN pnpm install -g node-version-audit \

# Set GOBIN to /usr/local/bin for Go binaries
ENV GOBIN=/usr/local/bin
ENV PATH="${GOBIN}:${PATH}"

# Install gitxray
RUN . $HOME/.asdf/asdf.sh \
go install github.com/kulkansecurity/gitxray@latest

# Install git-secrets
RUN git clone https://github.com/awslabs/git-secrets.git $HOME/secrets \
&& cd $HOME/secrets \
RUN git clone https://github.com/awslabs/git-secrets.git git-secrets
RUN cd git-secrets \
&& sudo make install \
&& rm -rf $HOME/secrets
&& rm -rf secrets

# Install detect-secrets
RUN pipx install detect-secrets

# Install pmapper
RUN pipx install pmapper
# Install gitleaks
RUN git clone https://github.com/gitleaks/gitleaks.git gitleaks \
&& cd gitleaks \
&& make build

# Install gitxray
RUN pipx install gitxray

# Install gh-fake-analyzer
RUN cd $HOME \
&& git clone https://github.com/shortdoom/gh-fake-analyzer.git \
&& cd gh-fake-analyzer \
RUN git clone https://github.com/shortdoom/gh-fake-analyzer.git
RUN cd gh-fake-analyzer \
&& mv .env.example .env \
&& python3 -m venv gfa \
&& source gfa/bin/activate \
&& pip install -r requirements.txt \
&& exit


# Create a script to run the gh-fake-analyzer
USER root
RUN echo '#!/bin/zsh\n\
source /src/gh-fake-analyzer/gfa/bin/activate\n\
python3 /src/gh-fake-analyzer/analyze.py "$@"\n\
deactivate' > /usr/local/bin/gh-fake-analyzer \
&& chmod +x /usr/local/bin/gh-fake-analyzer \
&& chown -R wanderer:trg /usr/local/bin/gh-fake-analyzer

USER wanderer

# Install Trivy
RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null \
&& echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list \
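
Review bot: in the git-secrets step, `rm -rf secrets` does not match the clone target `git-secrets`, so the checkout stays behind; and because the clone is its own `RUN`, deleting it in a later layer would not shrink the image anyway. Keep the clone, `sudo make install` and the cleanup in one `RUN` and remove `git-secrets`. The gitleaks step stops at `make build`, with nothing in this hunk that puts the resulting binary on `PATH`; a symlink into `/usr/local/bin`, as the 2ms step does, would cover it. The git-secrets, gitleaks and gh-fake-analyzer clones all take the default branch head, so pinning a tag or commit would make the build reproducible. `chown -R wanderer:trg /usr/local/bin/gh-fake-analyzer` lets the unprivileged user rewrite a command that sits on the system PATH; leaving it root-owned with `chmod +x` is the safer default, and the `&& exit` after `pip install` can go.
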
Expand All @@ -126,9 +155,17 @@ RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --
RUN wget -qO - https://github.com/trufflesecurity/trufflehog/releases/download/v3.82.6/trufflehog_3.82.6_linux_$(dpkg --print-architecture).tar.gz | \
sudo tar -xzf - trufflehog -C /usr/local/bin


# Install 2ms
RUN mkdir 2ms \
&& cd 2ms \
&& wget https://github.com/checkmarx/2ms/releases/latest/download/linux-amd64.zip \
&& unzip linux-amd64.zip \
&& sudo ln -s /src/2ms/2ms /usr/local/bin/2ms

# Clean up
RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*

# Set working directory
WORKDIR /home/${USERNAME}
CMD ["/bin/bash"]
CMD ["/bin/zsh"]
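
Review bot: the 2ms step fetches `releases/latest/download/linux-amd64.zip`, so the version is unpinned, the archive is unpacked without any integrity check, and the architecture is hardcoded, whereas the trufflehog step just above pins `v3.82.6` and uses `$(dpkg --print-architecture)`. Pin a release tag, compare the download against a recorded SHA-256 before `unzip`, and delete `linux-amd64.zip` in the same `RUN` so it does not stay in the layer. If the image is meant to build on arm64 as the trufflehog line suggests, the asset name needs the same architecture handling.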