# ════════════════════════════════════════════════════════════
# ShieldCI — All-in-One Container
# One image, one command. Contains:
# • Rust orchestrator (shield-ci binary)
# • Kali security tools (sqlmap, nmap, nikto, gobuster)
# • Python MCP server (kali_mcp.py)
# • Node.js runtime (for test target apps)
#
# Usage:
# docker build -f Dockerfile.allinone -t shieldci .
# docker run --rm -v /path/to/target-repo:/workspace \
# -e OLLAMA_HOST=http://host.docker.internal:11434 \
# shieldci
# ════════════════════════════════════════════════════════════
# ── Stage 1: Build the Rust binary ─────────────────────────
# Build-only stage: the toolchain stays here, and the runtime stage copies
# out just the release binary via COPY --from=builder.
FROM rust:1.77-bookworm AS builder
WORKDIR /build
# The trailing glob makes Cargo.lock optional: this COPY still succeeds when
# no lockfile is present in the build context.
# NOTE(review): without a lockfile (or without `--locked` on the build) cargo
# may resolve dependency versions at build time. If reproducible dependencies
# are wanted, commit Cargo.lock and build with `cargo build --release --locked`.
COPY Cargo.toml Cargo.lock* ./
COPY src/ src/
RUN cargo build --release
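# ── Stage 2: All-in-one runtime on Kali ────────────────────
# NOTE(review): no tag or digest is given, so this resolves to the rolling
# `latest` image and each rebuild can pull different tool versions. For a
# reproducible scanner image pin the base by digest, e.g.
# kalilinux/kali-rolling@sha256:<digest-placeholder>.
FROM kalilinux/kali-rolling

# Suppress debconf prompts during package installation. Declared as ENV, so
# the value also persists into the running container.
ENV DEBIAN_FRONTEND=noninteractive

# Security tools + runtimes. The apt lists are removed in the same layer so
# they never reach the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        sqlmap nmap nikto gobuster curl ca-certificates \
        python3 python3-pip \
        nodejs npm \
        procps \
    && rm -rf /var/lib/apt/lists/*

# Python MCP SDK.
# --break-system-packages lets pip install into the distro-managed Python
# environment (PEP 668); --no-cache-dir keeps pip's download cache out of the
# image layer.
# NOTE(review): "mcp[cli]" is unpinned, so the version installed depends on
# the build date. Pin it (mcp[cli]==<version-placeholder>) or install from a
# hash-checked requirements file to control what ends up in the image.
RUN pip3 install --no-cache-dir "mcp[cli]" --break-system-packages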
# Everything the tool ships lives under /app (WORKDIR creates it if missing).
WORKDIR /app

# Release binary produced by the builder stage.
COPY --from=builder /build/target/release/shield-ci ./shield-ci

# Support files, copied next to the binary.
COPY kali_mcp.py push_results.py run.sh detector.sh tool_call.gbnf ./

# Container entrypoint script.
COPY entrypoint_allinone.sh ./entrypoint_allinone.sh

# Mark the binary and the entrypoint executable.
RUN chmod +x /app/shield-ci /app/entrypoint_allinone.sh
# ── Environment ────────────────────────────────────────────
# SHIELDCI_LOCAL_TOOLS / SHIELDCI_MCP_CMD: tell the orchestrator to call
# kali_mcp.py locally in this container (not through `docker run`).
# OLLAMA_HOST: Ollama runs on the host; host.docker.internal is the Docker
# Desktop default. On a plain Linux Engine that name resolves only when the
# container is started with --add-host=host.docker.internal:host-gateway.
ENV SHIELDCI_LOCAL_TOOLS=1 \
    SHIELDCI_MCP_CMD="python3 /app/kali_mcp.py" \
    OLLAMA_HOST=http://host.docker.internal:11434

# The target repo is mounted here and becomes the working directory.
VOLUME ["/workspace"]
WORKDIR /workspace

# NOTE(review): no USER instruction appears in this stage, so the entrypoint
# and every tool it starts run as root against the mounted repository.
# Whether any scan needs root is not visible here; confirm before dropping
# privileges, and consider mounting the repo read-only if nothing writes to it.
ENTRYPOINT ["/app/entrypoint_allinone.sh"]