newrelic / rusty-hog

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.
Apache License 2.0

Publish containers to dockerhub #10

Closed jeffalder closed 4 years ago

jeffalder commented 4 years ago

Summary

Publish images to dockerhub.

Desired Behaviour

I would like to use containers so that:

  1. I am not required to download and install binaries manually, and maintain versions manually
  2. I can run the scanners in Kubernetes pods as init containers
  3. I can run the scanner on virtually any platform without requiring special builds (and without New Relic having to publish special builds)
  4. I can have the scanners separate so I don't download an S3 or Google Docs scanner that I'll never use.
  5. The containers can easily be triggered as AWS Lambdas in response to various events (S3 bucket changes, for example).

cutler-scott-newrelic commented 4 years ago

@jeffalder, I'm not super knowledgeable on containers. There is a dockerfile that someone else was able to successfully create. If the output of that dockerfile is output to dockerhub (for each version change), would that be sufficient to close this ticket? If not, perhaps we can split out these feature requests to their own specific tickets? Or could you otherwise elaborate on what would need to change for you to meet all those requirements?

jeffalder commented 4 years ago

@cutler-scott-newrelic Yes, outputting the image to dockerhub would work perfectly ... along with documentation on dockerhub about how to run it and the fact that choctaw_hog is the default.

cutler-scott-newrelic commented 4 years ago

Just an update: I uploaded a single DockerHub image here: https://hub.docker.com/repository/docker/wetfeet2000/choctaw_hog and added a bare-bones README on how to use it. The plan is to roll out proper documentation and all hogs with v1.0.7. But I was confused by one thing: The DockerHub + GitHub integration didn't allow me to select the rusty-hogs repo and I have no clue why. Is it looking for another file that helps it with the build process?

cutler-scott-newrelic commented 4 years ago

The rest of the Rusty Hogs have been uploaded to DockerHub. I imagine you may have issues with authentication on Berkshire and Ankamali Hog since their libraries attempt to access the local file system for credential files. I will try and add that as a separate TODO for later.