Skip to content

Commit

Permalink
Init Trivy db in MegaLinter Docker image (#4062)
Browse files Browse the repository at this point in the history 
* Init Trivy db in MegaLinter Docker image

Fixes #3969

* Trivy: Retry 10 times in case of TooManyRequests when downloading vulnerability database

* cspell

* [MegaLinter] Apply linters fixes

---------

Co-authored-by: nvuillam <[email protected]>
  • Loading branch information
@nvuillam
nvuillam and nvuillam authored Sep 30, 2024
1 parent fa2c384 commit f6973b2
Show file tree
Hide file tree
Showing 24 changed files with 102 additions and 38 deletions.
1 change: 1 addition & 0 deletions .cspell.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
"SOURCEBRANCHNAME",
"St\u00e9phane",
"Suero",
"TOOMANYREQUESTS",
"Ywarn",
"abefhkmnptuvx",
"admiralawkbar",
Expand Down
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
- Media

- Linters enhancements
- Trivy: Retry 10 times in case of TooManyRequests when downloading vulnerability database
- Trivy: Embed vulnerability database in Docker Image for running trivy on internet-free network

- Fixes
- Add debug traces to investigate reporters activation
Expand Down
4 changes: 3 additions & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,10 +761,12 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh |
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress \
#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/c_cpp/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -314,12 +314,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/ci_light/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,12 +214,14 @@ ENV JAVA_HOME_17=/usr/lib/jvm/java-17-openjdk
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/cupcake/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -519,12 +519,14 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset
# Managed with COPY --from=kics /app/bin/assets /usr/bin/assets
#
# trivy installation
RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/documentation/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,12 +311,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/dotnet/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -376,12 +376,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/dotnetweb/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -398,12 +398,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/go/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -328,12 +328,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/java/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -387,12 +387,14 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/javascript/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -335,12 +335,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/php/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -364,12 +364,14 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/python/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,12 +326,14 @@ ENV MYPY_CACHE_DIR=/tmp
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/ruby/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -322,12 +322,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/rust/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,12 +311,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
4 changes: 3 additions & 1 deletion flavors/salesforce/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -336,10 +336,12 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress \
#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/security/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,12 +250,14 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/swift/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -314,12 +314,14 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel
&& curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 \
#
# trivy installation
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
&& wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
6 changes: 4 additions & 2 deletions flavors/terraform/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -336,12 +336,14 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset
# Managed with COPY --from=kics /app/bin/assets /usr/bin/assets
#
# trivy installation
RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
# trivy-sbom installation
# Next line commented because already managed by another linter
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
# && trivy image --download-db-only --no-progress
#
# trufflehog installation
# Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
Expand Down
3 changes: 2 additions & 1 deletion linters/repository_trivy/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,8 @@ ENV PATH="/node-deps/node_modules/.bin:${PATH}" \
#############################################################################################
#OTHER__START
# trivy installation
RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
&& trivy image --download-db-only --no-progress

#
#OTHER__END
Expand Down
Loading

0 comments on commit f6973b2

Please sign in to comment.