aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

Added multistage build for Dockerfile #362

Closed danielsagi closed 4 years ago

danielsagi commented 4 years ago

Description

Until now we used a lot of unnecessary Alpine packages in the final image. Now we only use the site-packages directory and the kube-hunter installed binary on a Python Alpine base image.

Fixed Issues

This removes vulnerabilities found in the kube-hunter image, as well as reducing size from 300MB~ to 77MB!

codecov[bot] commented 4 years ago

Codecov Report

Merging #362 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #362   +/-   ##
=======================================
  Coverage   62.77%   62.77%           
=======================================
  Files          42       42           
  Lines        2281     2281           
=======================================
  Hits         1432     1432           
  Misses        849      849           

danielsagi commented 4 years ago

@itaysk, right, historically we installed them to remove warnings when loading scapy. In my tests I actually haven't seen warnings. But I added them again; it seems to me that we will need them. The important part is removing the build packages.
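
The multistage layout discussed in this pull request, sketched as an added example that is not the project's own Dockerfile. The Python 3.8 base tag, the Alpine package names, the `/src` path, and a build context whose `setup.py` installs a `kube-hunter` console script are all assumptions.

```dockerfile
# Added example, not the kube-hunter project's Dockerfile.
# Assumed: base tag, package names, and a setup.py in the build context
# that installs a `kube-hunter` console script.

# ---- Stage 1: builder. Compilers and headers exist only in this stage. ----
FROM python:3.8-alpine AS builder

# Build-only toolchain for wheels with C extensions (assumed package set).
RUN apk add --no-cache build-base linux-headers libffi-dev openssl-dev

WORKDIR /src
COPY . .

# Installing here populates /usr/local/lib/python3.8/site-packages and
# writes the console-script entry point into /usr/local/bin.
RUN pip install --no-cache-dir .

# ---- Stage 2: final image. Starts from a clean base, no build packages. ----
FROM python:3.8-alpine

# Runtime-only packages (assumed): tooling that scapy expects on the host.
# Any shared library a compiled wheel links against must also be installed
# here, because the -dev packages from the builder are not carried over.
RUN apk add --no-cache tcpdump

# Copy only the installed libraries and the entry point from the builder.
COPY --from=builder /usr/local/lib/python3.8/site-packages \
     /usr/local/lib/python3.8/site-packages
COPY --from=builder /usr/local/bin/kube-hunter /usr/local/bin/kube-hunter

ENTRYPOINT ["kube-hunter"]
```

Running `apk info` in the final image and comparing it with the builder stage is a quick check that no compiler or header package carried over.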