modifies dockerfile to create multiple python envs - making sure dependencies for checkov and semgrep match

Author: timbastin

Dockerfile.scanner

@@ -55,9 +55,33 @@ RUN CGO_ENABLED=0 make devguard-scanner
 FROM alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
 
 RUN apk add --no-cache git python3
-RUN python3 -m venv /usr/local/bin/venv && \
-    /usr/local/bin/venv/bin/pip install --upgrade pip && \
-    /usr/local/bin/venv/bin/pip install semgrep checkov
+# Create virtualenvs
+ENV VENV_DIR=/opt/tools
+RUN python -m venv ${VENV_DIR}/semgrep && \
+    python -m venv ${VENV_DIR}/checkov
+
+# Install semgrep in its venv
+RUN ${VENV_DIR}/semgrep/bin/pip install --upgrade pip && \
+    ${VENV_DIR}/semgrep/bin/pip install semgrep==1.131.0
+
+# Install checkov in its venv
+RUN ${VENV_DIR}/checkov/bin/pip install --upgrade pip && \
+    ${VENV_DIR}/checkov/bin/pip install checkov==3.2.457
+
+
+RUN cat <<EOF > /usr/local/bin/semgrep
+#!/bin/sh
+exec ${VENV_DIR}/semgrep/bin/semgrep "\$@"
+EOF
+
+RUN chmod +x /usr/local/bin/semgrep
+
+RUN cat <<EOF > /usr/local/bin/checkov
+#!/bin/sh
+exec ${VENV_DIR}/checkov/bin/checkov "\$@"
+EOF
+
+RUN chmod +x /usr/local/bin/checkov
 
 # add venv bin to path
 ENV PATH="/usr/local/bin/venv/bin:$PATH"