tools-image/Dockerfile at main · PeterMosmans/tools-image · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# SPDX-License-Identifier: GPL-3.0-or-later
# (c) 2022-2025 Peter Mosmans [Go Forward]
# Use a base image to build (and download) the tools on

FROM node:22-bookworm-slim AS build

LABEL maintainer="support@go-forward.net"
LABEL vendor="Go Forward"

WORKDIR /
COPY requirements.txt .

# Versions can be specified as build parameters
ARG GRYPE \
    JWT_TOOL \
    NIKTO \
    SCANNER \
    TESTSSL

ENV DEBIAN_FRONTEND=noninteractive \
    GRYPE=${GRYPE} \
    JWT_TOOL=${JWT_TOOL} \
    NIKTO=${NIKTO} \
    SCANNER=${SCANNER} \
    TESTSSL=${TESTSSL}

# Install necessary binaries
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    git \
    python3-dev \
    python3-pip \
    python3-setuptools \
    python3-venv \
    unzip \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Create virtual environment
RUN python3 -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Download and unzip sonar-scanner-cli
RUN curl -sL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER}-linux-x64.zip" -o /tmp/scanner.zip && \
    unzip /tmp/scanner.zip -d /tmp/sonarscanner && \
    mv "/tmp/sonarscanner/sonar-scanner-${SCANNER}-linux-x64" /usr/lib/sonar-scanner

# Clone jwt_tool
RUN git clone --depth=1 --branch "${JWT_TOOL}" https://github.com/ticarpi/jwt_tool /tmp/jwt_tool && \
    rm -rf /tmp/jwt_tool/.git && \
    rm -rf /tmp/jwt_tool/.github && \
    rm -f /tmp/jwt_tool/Dockerfile && \
    python3 -m pip install -r /tmp/jwt_tool/requirements.txt --no-cache-dir && \
    mv /tmp/jwt_tool /usr/lib/jwt_tool && \
    chmod ugo+x /usr/lib/jwt_tool/jwt_tool.py

# Clone nikto.pl
RUN git clone --depth=1 --branch "${NIKTO}" https://github.com/sullo/nikto /tmp/nikto && \
    rm -rf /tmp/nikto/program/.git && \
    mv /tmp/nikto/program /usr/lib/nikto

# Clone testssl.sh
RUN git clone --depth=1 --branch "${TESTSSL}" https://github.com/drwetter/testssl.sh /tmp/testssl && \
    mkdir /usr/lib/testssl && \
    mv /tmp/testssl/bin/openssl.Linux.x86_64 /usr/lib/testssl/openssl && \
    chmod ugo+x /usr/lib/testssl/openssl && \
    mv /tmp/testssl/etc/ /usr/lib/testssl/etc/ && \
    mv /tmp/testssl/testssl.sh /usr/lib/testssl/testssl.sh && \
    chmod ugo+x /usr/lib/testssl/testssl.sh

# Install Grype
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin "${GRYPE}"

# Install packages as specified in the requirements.txt file
# hadolint ignore=DL3059
RUN python3 -m pip install -r requirements.txt --no-cache-dir && \
    cyclonedx-py venv --output-format json --output-file /opt/venv/sbom.json

FROM node:22-bookworm-slim AS release
# Default entry point
WORKDIR /workdir
COPY html-table.tmpl /usr/local/lib/html-table.tmpl

COPY --chown=999:999 --from=build /opt/venv /opt/venv
COPY --from=build /usr/lib/jwt_tool/ /usr/lib/jwt_tool/
COPY --from=build /usr/lib/nikto/ /usr/lib/nikto/
COPY --from=build /usr/lib/sonar-scanner/ /usr/lib/sonar-scanner/
COPY --from=build /usr/lib/testssl/ /usr/lib/testssl/
COPY --from=build /usr/local/bin/grype /usr/local/bin/grype
RUN ln -s /usr/lib/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool.py && \
    ln -s /usr/lib/nikto/nikto.pl /usr/local/bin/nikto.pl && \
    ln -s /usr/lib/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner && \
    ln -s /usr/lib/testssl/testssl.sh /usr/local/bin/testssl.sh

# Install necessary binaries
# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
    bsdmainutils \
    curl \
    dnsutils \
    git \
    jq \
    libnet-ssleay-perl \
    make \
    nmap \
    procps \
    python3 \
    python3-venv \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Update node package manager and typescript package
# Update packages
RUN npm install --location=global \
    npm@latest \
    typescript@latest \
    @cyclonedx/bom@latest \
    && npm update --global \
    && npm cache clean --force \
    && rm -rf /root/.npm/*

ENV LC_ALL=C.UTF-8 \
    NODE_PATH=/usr/local/lib/node_modules \
    PATH="/opt/venv/bin:$PATH" \
    SONAR_RUNNER_HOME=/usr/lib/sonar-scanner \
    SONAR_USER_HOME=/tmp

RUN groupadd -r tool && \
    useradd --create-home --no-log-init --shell /bin/bash --system --gid tool --groups tool,node tool

USER tool

# Create first-time configuration automatically
RUN /usr/lib/jwt_tool/jwt_tool.py || true