mirror of https://github.com/docker/compose.git
Check if scan has already been invoked before suggesting using it
Signed-off-by: Guillaume Tardif <guillaume.tardif@gmail.com>
This commit is contained in:
Guillaume Tardif
parent
fa3a08e4fc
commit
accc65ae8b
|
|
@ -45,7 +45,7 @@ func (s *composeService) Build(ctx context.Context, project *types.Project) erro
|
|||
|
||||
err := s.build(ctx, project, opts)
|
||||
if err == nil {
|
||||
displayScanSuggestMsg(imagesToBuild)
|
||||
displayScanSuggestMsg(ctx, imagesToBuild)
|
||||
}
|
||||
|
||||
return err
|
||||
|
|
@ -95,7 +95,7 @@ func (s *composeService) ensureImagesExists(ctx context.Context, project *types.
|
|||
|
||||
err := s.build(ctx, project, opts)
|
||||
if err == nil {
|
||||
displayScanSuggestMsg(imagesToBuild)
|
||||
displayScanSuggestMsg(ctx, imagesToBuild)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,29 +17,60 @@
|
|||
package compose
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
pluginmanager "github.com/docker/cli/cli-plugins/manager"
|
||||
"github.com/docker/cli/cli/command"
|
||||
"github.com/docker/compose-cli/api/config"
|
||||
)
|
||||
|
||||
func displayScanSuggestMsg(builtImages []string) {
|
||||
func displayScanSuggestMsg(ctx context.Context, builtImages []string) {
|
||||
if len(builtImages) <= 0 {
|
||||
return
|
||||
}
|
||||
if os.Getenv("DOCKER_SCAN_SUGGEST") == "false" {
|
||||
return
|
||||
}
|
||||
if scanAvailable() {
|
||||
commands := []string{}
|
||||
for _, image := range builtImages {
|
||||
commands = append(commands, fmt.Sprintf("docker scan %s", image))
|
||||
}
|
||||
allCommands := strings.Join(commands, ", ")
|
||||
fmt.Printf("Try scanning the image you have just built to identify vulnerabilities with Docker’s new security tool: %s\n", allCommands)
|
||||
if !scanAvailable() || scanAlreadyInvoked(ctx) {
|
||||
return
|
||||
}
|
||||
commands := []string{}
|
||||
for _, image := range builtImages {
|
||||
commands = append(commands, fmt.Sprintf("docker scan %s", image))
|
||||
}
|
||||
allCommands := strings.Join(commands, ", ")
|
||||
fmt.Printf("Try scanning the image you have just built to identify vulnerabilities with Docker’s new security tool: %s\n", allCommands)
|
||||
}
|
||||
|
||||
func scanAlreadyInvoked(ctx context.Context) bool {
|
||||
configDir := config.Dir(ctx)
|
||||
filename := filepath.Join(configDir, "scan", "config.json")
|
||||
f, err := os.Stat(filename)
|
||||
if os.IsNotExist(err) {
|
||||
return false
|
||||
}
|
||||
if f.IsDir() { // should never happen, do not bother user with suggestion if something goes wrong
|
||||
return true
|
||||
}
|
||||
type scanOptin struct {
|
||||
Optin bool `json:"optin"`
|
||||
}
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
return true
|
||||
}
|
||||
scanConfig := scanOptin{}
|
||||
err = json.Unmarshal(data, &scanConfig)
|
||||
if err != nil {
|
||||
return true
|
||||
}
|
||||
return scanConfig.Optin
|
||||
}
|
||||
|
||||
func scanAvailable() bool {
|
||||
|
|
|
|||
Loading…
Reference in New Issue