microsoft / DevSkim

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
MIT License
913 stars 116 forks

Official docker image? #64

Open omerlh opened 6 years ago

omerlh commented 6 years ago

Is there a plan to have an official docker image for the CLI?

coderpatros commented 5 years ago

@omerlh this is not an official docker image, but it might suit your needs: https://github.com/patros/docker-devskim

jhulten commented 5 years ago

:+1:

I would like to be able to provide this in our CI pipelines as well as allowing developers to include it in their IDE.

coderpatros commented 5 years ago

@jhulten what IDE do they use? There are already extensions for Visual Studio and VS Code.

And if you use my docker image you can "break" the build based on the exit code. I'm currently using it across about 200 repos.

jhulten commented 5 years ago

We have some in VSCode, VS, Atom, and Sublime with a couple of JetBrains products in the mix.

Your image is great, but it will be easier to get through security if it is mainstreamed.

Good exit codes would also allow pre-commit hooks via https://pre-commit.com/

coderpatros commented 5 years ago

Oh, that's simple @jhulten. My Dockerfile and DevSkim are MIT licenced. Take a cut of them and build your own internal image. That way you have full control over it which should keep the security team happy.

coderpatros commented 4 years ago

For anyone interested. My docker image is now building directly from this repo instead of my custom fork. @gfs any interest in a pull request for a Dockerfile?

gfs commented 4 years ago

I’d be interested to take a look. Feel free to open a PR.

On Thu, Jan 23, 2020 at 1:30 AM, Patrick Dwyer notifications@github.com wrote:

> For anyone interested. My docker image is now building directly from this repo instead of my custom fork. @gfs any interest in a pull request for a Dockerfile?


gfs commented 4 years ago

We are now planning to make an official docker image. We are currently working on completely rewriting the build pipeline, and this task relies on #86 to complete.

gfs commented 4 years ago

We hit some delays in getting the rest of our CI pipeline running. We've now completed that. This is still coming soon.

gfs commented 4 years ago

We are now also distributing devskim as a dotnet global tool. That may help in the meantime with a single line install (as long as you have .net core 3.1 installed)

dotnet tool install --global devskim

That will place the devskim cli on your path.

coderpatros commented 4 years ago

In case there is anyone following this who uses my docker image. I’ve switched it over to using the official build via dotnet tool install.

daalcant commented 4 years ago

> In case there is anyone following this who uses my docker image. I’ve switched it over to using the official build via dotnet tool install.

Quick update, the dotnet tool has been moved here: https://www.nuget.org/packages/Microsoft.CST.DevSkim.CLI

The tool can be executed via the "devskim" command.

coderpatros commented 4 years ago

Thanks for the heads up @daalcant