Wrapping dockerfile should add ONBUILD directive - Githubissues

crashappsec / chalk

Chalk allows you to follow code from development, through builds and into production.

https://crashoverride.com/

GNU General Public License v3.0

322 stars 11 forks source link

Wrapping dockerfile should add ONBUILD directive #305

Closed miki725 closed 4 weeks ago

miki725 commented 1 month ago

currently when chalk wraps a docker build it:

copies chalk mark into /chalk.json
copies chalk binary to /chalk

now imagine the following flow:

image is wrapped with chalk. lets call this image foo
another image is build on top of the chalked image (FROM foo) but the build is not wrapped with chalk. lets call this image bar
bar image runs which will now send report with metadata_id of foo image which is incorrect as bar image is actually running

by using the ONBUILD directive we should be able to customize /chalk.json whenever the image is used as a base image