Commit b61e4cc7 authored by Dmitriy Safronov's avatar Dmitriy Safronov
Browse files

fix

parent 68936047

Dockerfile

+11 −4
Original line number Diff line number Diff line 
FROM registry.cyberbrain.pw/docker/grype:latest AS source

FROM registry.cyberbrain.pw/docker/grype:latest AS base



FROM registry.cyberbrain.pw/docker/alpine:latest AS runtime

FROM registry.cyberbrain.pw/docker/alpine:latest AS common



FROM common AS executor

COPY --from=base /grype /grype

RUN chmod +x /grype; /grype db update -v



FROM common AS runtime

ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \

    GRYPE_DB_CACHE_DIR="/srv/grype/db" \

    GRYPE_DB_AUTO_UPDATE="false"

COPY --from=source /grype /bin/

COPY --from=executor /grype /bin/

RUN set -ex && \

    chmod a+x /bin/grype && \

    mkdir -p ${GRYPE_DB_CACHE_DIR} && \

    chmod -R 0777 ${GRYPE_DB_CACHE_DIR}

COPY --from=source /.cache/grype/db ${GRYPE_DB_CACHE_DIR}

COPY --from=executor /root/.cache/grype/db ${GRYPE_DB_CACHE_DIR}

RUN set -ex && \

    chmod -R 0555 ${GRYPE_DB_CACHE_DIR}

LABEL org.label-schema.description="A vulnerability scanner for container images and filesystems (standalone)"

ENTRYPOINT [ "/bin/grype" ]

CMD [ "--help" ]