add options: accept-key (#149)
tomoyamachi authored Sep 10, 2021
1 parent d873a3d commit b68ff92
Showing 3 changed files with 15 additions and 2 deletions.
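--- a/cmd/dockle/main.go
+++ b/cmd/dockle/main.go
@@ -46,6 +46,11 @@ OPTIONS:
 Name: "ignore, i",
 Usage: "checkpoints to ignore. You can use .dockleignore too.",
 },
+cli.StringSliceFlag{
+Name: "accept-key, a",
+EnvVar: "ACCEPT_KEY",
+Usage: "For CIS-DI-0010. You can add acceptable keywords. e.g) -a GPG_KEY -a KEYCLOAK",
+},
 cli.StringFlag{
 Name: "format, f",
 Value: "",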
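Review bot: The `EnvVar: "ACCEPT_KEY"` binding on the new flag lets a generically named environment variable widen the allow-list for the CIS-DI-0010 credential check, so a variable of that name set for an unrelated purpose in a CI job would suppress findings without anyone passing `-a`. A tool-scoped name such as `EnvVar: "DOCKLE_ACCEPT_KEY",` avoids that collision. The usage string should also say how a keyword is compared with an ENV name (exact name or something broader); the lookup is not in this hunk, and users will otherwise have to guess how much `-a KEY` lets through.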
8 changes: 7 additions & 1 deletion pkg/assessor/manifest/manifest.go
@@ -41,6 +41,12 @@ func (a ManifestAssessor) Assess(fileMap deckodertypes.FileMap) (assesses []*typ
return checkAssessments(d)
}

func AddAcceptanceKeys(keys []string) {
for _, key := range keys {
acceptanceEnvKey[key] = struct{}{}
}
}

func checkAssessments(img types.Image) (assesses []*types.Assessment, err error) {
if img.Config.User == "" || img.Config.User == "root" {
assesses = append(assesses, &types.Assessment{
@@ -61,7 +67,7 @@ func checkAssessments(img types.Image) (assesses []*types.Assessment, err error)
assesses = append(assesses, &types.Assessment{
Code: types.AvoidCredential,
Filename: ConfigFileName,
Desc: fmt.Sprintf("Suspicious ENV key found : %s", envKey),
Desc: fmt.Sprintf("Suspicious ENV key found : %s (You can suppress it with --accept-key)", envKey),
})
}
}
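Review bot: `AddAcceptanceKeys` is exported without a doc comment and writes caller-supplied strings unchanged into the package-level `acceptanceEnvKey` map, which is declared outside this hunk. Those entries presumably decide which ENV names escape the `types.AvoidCredential` finding, so the function should state that the change is process-wide and must happen before assessment, e.g. `// AddAcceptanceKeys adds keys to the package-wide set of ENV names the credential check accepts; call it before assessing.` Skipping empty entries with `if key == "" { continue }` would stop a blank flag or environment value from being stored as a key. In the second hunk the image-supplied `envKey` is still formatted with `%s`; `%q` would keep control characters from an untrusted image config out of the report text.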
4 changes: 3 additions & 1 deletion pkg/run.go
@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"github.com/goodwithtech/dockle/pkg/assessor/manifest"
l "log"
"os"
"strings"
@@ -72,8 +73,9 @@ func Run(c *cli.Context) (err error) {
return fmt.Errorf("invalid image: %w", err)
}
}
log.Logger.Debug("Start assessments...")
manifest.AddAcceptanceKeys(c.StringSlice("accept-key"))

log.Logger.Debug("Start assessments...")
assessments, err := scanner.ScanImage(ctx, imageName, filePath, dockerOption)
if err != nil {
if errors.Is(err, context.DeadlineExceeded) {
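Review bot: As far as this hunk shows, `manifest.AddAcceptanceKeys(c.StringSlice("accept-key"))` loosens the credential check without recording it anywhere, so the scan output gives no hint that ENV names were allow-listed for this run. A debug line next to the existing `"Start assessments..."` message listing the accepted keys would make suppressed findings auditable. Separately, the new `"github.com/goodwithtech/dockle/pkg/assessor/manifest"` import sits inside the standard-library group between `"fmt"` and `l "log"`; goimports would move it to the third-party group. `Run` starts and continues outside both hunks.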
