tyler.durden/compose
1
0
Fork 0
mirror of https://github.com/docker/compose.git synced 2025-07-07 13:54:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check if scan has already been invoked before suggesting using it

Browse Source 
Signed-off-by: Guillaume Tardif <guillaume.tardif@gmail.com>
This commit is contained in:
Guillaume Tardif 2021-02-25 09:53:50 +01:00
parent fa3a08e4fc
commit accc65ae8b
2 changed files with 41 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
local/compose/build.go
View File

@ -45,7 +45,7 @@ func (s *composeService) Build(ctx context.Context, project *types.Project) erro
err := s.build(ctx, project, opts) err := s.build(ctx, project, opts)
if err == nil { if err == nil {
displayScanSuggestMsg(imagesToBuild) displayScanSuggestMsg(ctx, imagesToBuild)
} }
return err return err
@ -95,7 +95,7 @@ func (s *composeService) ensureImagesExists(ctx context.Context, project *types.
err := s.build(ctx, project, opts) err := s.build(ctx, project, opts)
if err == nil { if err == nil {
displayScanSuggestMsg(imagesToBuild) displayScanSuggestMsg(ctx, imagesToBuild)
} }
return err return err
} }

35
local/compose/scan_suggest.go
View File

@ -17,29 +17,60 @@
package compose package compose
import ( import (
"context"
"encoding/json"
"fmt" "fmt"
"io/ioutil"
"os" "os"
"path/filepath"
"strings" "strings"
pluginmanager "github.com/docker/cli/cli-plugins/manager" pluginmanager "github.com/docker/cli/cli-plugins/manager"
"github.com/docker/cli/cli/command" "github.com/docker/cli/cli/command"
"github.com/docker/compose-cli/api/config"
) )
func displayScanSuggestMsg(builtImages []string) { func displayScanSuggestMsg(ctx context.Context, builtImages []string) {
if len(builtImages) <= 0 { if len(builtImages) <= 0 {
return return
} }
if os.Getenv("DOCKER_SCAN_SUGGEST") == "false" { if os.Getenv("DOCKER_SCAN_SUGGEST") == "false" {
return return
} }
if scanAvailable() { if !scanAvailable() || scanAlreadyInvoked(ctx) {
return
}
commands := []string{} commands := []string{}
for _, image := range builtImages { for _, image := range builtImages {
commands = append(commands, fmt.Sprintf("docker scan %s", image)) commands = append(commands, fmt.Sprintf("docker scan %s", image))
} }
allCommands := strings.Join(commands, ", ") allCommands := strings.Join(commands, ", ")
fmt.Printf("Try scanning the image you have just built to identify vulnerabilities with Dockers new security tool: %s\n", allCommands) fmt.Printf("Try scanning the image you have just built to identify vulnerabilities with Dockers new security tool: %s\n", allCommands)
}
func scanAlreadyInvoked(ctx context.Context) bool {
configDir := config.Dir(ctx)
filename := filepath.Join(configDir, "scan", "config.json")
f, err := os.Stat(filename)
if os.IsNotExist(err) {
return false
} }
if f.IsDir() { // should never happen, do not bother user with suggestion if something goes wrong
return true
}
type scanOptin struct {
Optin bool `json:"optin"`
}
data, err := ioutil.ReadFile(filename)
if err != nil {
return true
}
scanConfig := scanOptin{}
err = json.Unmarshal(data, &scanConfig)
if err != nil {
return true
}
return scanConfig.Optin
} }
func scanAvailable() bool { func scanAvailable() bool {