docker-agent scanning only one specific image instead of all the repository

[llecaroz]

Hi, After a :

• docker push docker.mynetwork.net:51116/Disney/Movie:1.0.1-20171705120835

For a specific application in which we need to scan only one image & not all the repository, it could be great to have a whitesource..scan_ony option in whitesource-docker-agent.config to scan a specific list of images, for example:

docker.url=docker.mynetwork.net:51116 docker.username=Duffy docker.password=Duck whitesource.scan_only=Disney/Movie:1.0.1-20171705120835, image2, image3, ....

A such option is really important on shared machines like Jenkins slaves running jobs in parallel. Because jobs can run multiple containers, not to have the docker-agent impacted by a such environment, having the tool be able to scan a specific image by creating a dedicated container will enable the docker-agent tool to scan only a specific image instead of being impacted by all running containers, sometimes started by other processes in parallel

Looking to https://github.com/whitesource/docker-agent/blob/master/src/main/java/org/whitesource/docker/DockerAgent.java#L180, I think that this should not be so much expensive for a great new feature, by adding just after this line a condition checking that if whitesource.scan_only option was defined & the current "container" image name was not part of this option, then it should continue without scanning.

By the way, only images specified in whitesource.scan_only will be scanned.

This will enable to scan specific images on demand. I hope that the multiple docker-agent can run in parallel also on different images @ the sametime.

if not already done, at the end the docker-agent build should be able to return the status of the specified scanned image by an error level (for ex: 0 images are all green, 1 it contains some orange warning, 2 it contains some red issues)... or something like that.

I tried to implement it myself but it appears that there are some dependencies in your project which are not public breaking the build & so forbidding me to test a such scenario:

[ERROR] Failed to execute goal on project whitesource-fs-agent: Could not resolve dependencies for project org.whitesource:whitesource-fs-agent:jar:1.7.9: Failure to find org.apache.rat:apache-rat-core:jar:0.12.4-WSS in http://www.myow-nexus-server.com:8081/nexus/content/groups/build.snapshots/ was cached in the local repository, resolution will not be reattempted until the update interval of mirror1 has elapsed or updates are forced -> [Help 1]

Thx in advance for your coming feedback Best regards Louis

[llecaroz]

Proposal in PR here: https://github.com/whitesource/docker-agent/pull/2

[llecaroz]

as merged, closing