Loading Dockerfile +13 −22 Original line number Diff line number Diff line ARG DOCKER_REGISTRY=registry.cyberbrain.pw FROM anchore/grype:latest AS base FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS common FROM common AS executor FROM anchore/grype:latest AS grype FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS loader SHELL ["/bin/ash", "-euo", "pipefail", "-c"] ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \ GRYPE_DB_CACHE_DIR="/tmp/db" \ GRYPE_DB_AUTO_UPDATE="false" COPY --from=base /grype /bin/grype ARG CACHEBUST=static RUN set -ex && \ chmod a+x /bin/grype && \ COPY --from=grype /grype /bin/grype RUN chmod a+x /bin/grype && \ mkdir -p ${GRYPE_DB_CACHE_DIR} && \ chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \ echo ${CACHEBUST} && \ if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; else true; fi chmod -R 0777 ${GRYPE_DB_CACHE_DIR} ARG CACHEBUST=static RUN set -e; \ TMP="${CACHEBUST}" grype db update -v || ( echo "Update failed!"; exit 1 ) FROM common AS runtime FROM grype AS runtime ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \ GRYPE_DB_CACHE_DIR="/srv/grype/db" \ GRYPE_DB_CACHE_DIR="/tmp/db" \ GRYPE_DB_AUTO_UPDATE="false" COPY --from=base /grype /bin/ RUN set -ex && \ chmod a+x /bin/grype && \ mkdir -p ${GRYPE_DB_CACHE_DIR} && \ chmod -R 0777 ${GRYPE_DB_CACHE_DIR} COPY --from=executor /tmp/db ${GRYPE_DB_CACHE_DIR} RUN set -ex && \ chmod -R 0555 ${GRYPE_DB_CACHE_DIR} COPY --from=loader ${GRYPE_DB_CACHE_DIR}/ ${GRYPE_DB_CACHE_DIR}/ LABEL org.label-schema.description="A vulnerability scanner for container images and filesystems (standalone)" ENTRYPOINT [ "/bin/grype" ] CMD [ "--help" ] FROM runtime AS release Loading
Dockerfile +13 −22 Original line number Diff line number Diff line ARG DOCKER_REGISTRY=registry.cyberbrain.pw FROM anchore/grype:latest AS base FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS common FROM common AS executor FROM anchore/grype:latest AS grype FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS loader SHELL ["/bin/ash", "-euo", "pipefail", "-c"] ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \ GRYPE_DB_CACHE_DIR="/tmp/db" \ GRYPE_DB_AUTO_UPDATE="false" COPY --from=base /grype /bin/grype ARG CACHEBUST=static RUN set -ex && \ chmod a+x /bin/grype && \ COPY --from=grype /grype /bin/grype RUN chmod a+x /bin/grype && \ mkdir -p ${GRYPE_DB_CACHE_DIR} && \ chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \ echo ${CACHEBUST} && \ if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; else true; fi chmod -R 0777 ${GRYPE_DB_CACHE_DIR} ARG CACHEBUST=static RUN set -e; \ TMP="${CACHEBUST}" grype db update -v || ( echo "Update failed!"; exit 1 ) FROM common AS runtime FROM grype AS runtime ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \ GRYPE_DB_CACHE_DIR="/srv/grype/db" \ GRYPE_DB_CACHE_DIR="/tmp/db" \ GRYPE_DB_AUTO_UPDATE="false" COPY --from=base /grype /bin/ RUN set -ex && \ chmod a+x /bin/grype && \ mkdir -p ${GRYPE_DB_CACHE_DIR} && \ chmod -R 0777 ${GRYPE_DB_CACHE_DIR} COPY --from=executor /tmp/db ${GRYPE_DB_CACHE_DIR} RUN set -ex && \ chmod -R 0555 ${GRYPE_DB_CACHE_DIR} COPY --from=loader ${GRYPE_DB_CACHE_DIR}/ ${GRYPE_DB_CACHE_DIR}/ LABEL org.label-schema.description="A vulnerability scanner for container images and filesystems (standalone)" ENTRYPOINT [ "/bin/grype" ] CMD [ "--help" ] FROM runtime AS release
