
Sunday, October 9, 2022

[FIXED] How to scan a path in a Docker image with BlackDuck scanning

Tags: blackduck, containers, continuous-integration, linux, synopsis-detect

Issue

I'm using BlackDuck scanning with the detect.sh script from Synopsys to scan a Docker image, but I don't know how to scan a path in the Docker image. My settings are below:

./detect.sh \
--blackduck.url=https://blackduck.blackducksoftware.com \
--blackduck.always.trust.cert=true \
--blackduck.trust.cert=true \
--blackduck.api.token=\"%env.BD_HUB_TOKEN%\" \
--detect.project.name=\"%black_duck_parent_project%\" \
--detect.project.version.name="Docker-Image" \
--detect.code.location.name="Docker-Image-Scan" \
--detect.tools.excluded=DETECTOR \
--logging.level.com.synopsys.integration=DEBUG \
--detect.detector.search.depth=10000 \
--detect.docker.image=myapp:latest \
--detect.project.codelocation.unmap=true \
--detect.output.path=.\blackduck \
--detect.detector.search.exclusion.defaults=true \
--detect.policy.check.fail.on.severities=BLOCKER,CRITICAL \
--logging.level.com.synopsys=DEBUG \
--detect.report.timeout=1200 \
--blackduck.timeout=240

I want to scan the directories /opt/scanning and /opt/checking in my Docker image.
How do I scan those folders?


Solution

From the Advanced BlackDuck Docker Inspector documentation:

Running Synopsys Detect on a project directory that exists within a Docker image

When you want to run Synopsys Detect on a directory that exists within a Docker image, you can use the following approach:

1. Run Synopsys Detect on the image to generate the container filesystem for the image.
2. Run Synopsys Detect on a directory within that container filesystem.

Synopsys Detect performs these actions without running the image/container.

To see a simple example that illustrates this approach, use the following commands to download these sample files:

curl -O https://raw.githubusercontent.com/blackducksoftware/blackduck-docker-inspector/master/deployment/docker/runDetectInImageDir/runDetectInImageDir.sh
curl -O https://raw.githubusercontent.com/blackducksoftware/blackduck-docker-inspector/master/deployment/docker/runDetectInImageDir/Dockerfile

Review the script before running it to make sure the side effects (files and directories that it creates) are acceptable. You must make the script executable before you run it.

runDetectInImageDir.sh contains the following script, which "provides a simple illustration of how you might run detect on a specific directory (say, a maven project) within an image, without running that image as a container":

# Download Synopsys Detect and make it executable
curl -O https://detect.synopsys.com/detect.sh
chmod +x detect.sh

# Step 1: run Detect on the image to generate the container filesystem
./detect.sh \
  --blackduck.offline.mode=true \
  --detect.docker.image=mavenproject:1 \
  --detect.docker.passthrough.output.path=/tmp/output \
  --detect.tools.excluded=SIGNATURE_SCAN,POLARIS

# Unpack the container filesystem
rm -rf containerfilesystem
mkdir -p containerfilesystem
cd containerfilesystem
tar xvf /tmp/output/mavenproject_1_containerfilesystem.tar.gz

# Step 2: run Detect on a directory within that container filesystem
cd image_mavenproject_v_1/home/my-app
../../../../detect.sh \
  --blackduck.offline.mode=true \
  --detect.tools.excluded=SIGNATURE_SCAN,POLARIS

Make sure you read the instructions in the sample files! Of course, among other things, you have to replace image_mavenproject_v_1/home/my-app with your path.



Answered By - jasie
Answer Checked By - Senaida (PHPFixing Volunteer)
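
The two-step approach above, adapted to the directories from the question, as an added example that is not part of the original answer or the Synopsys sample. It assumes detect.sh is already in the current directory and that the passthrough output holds one *_containerfilesystem.tar.gz with a single top-level image directory, as in the sample; resolve_in_image is a hypothetical helper that refuses paths whose symlinks or ".." lead outside the extracted tree.

```shell
#!/usr/bin/env bash
# Added example (not from the Synopsys sample). Usage:
#   ./scan_image_dirs.sh myapp:latest /opt/scanning /opt/checking
# Assumes detect.sh was already downloaded into the current directory.
set -u
OUT_DIR="${OUT_DIR:-/tmp/output}"              # passthrough output path, as in the sample
FS_DIR="${FS_DIR:-$PWD/containerfilesystem}"   # where the image filesystem is unpacked

# Map an in-image path (e.g. /opt/scanning) to its directory under the
# extracted root. Symlinks and ".." are resolved physically; a result outside
# the root is rejected (status 2) so host files are never scanned by mistake.
resolve_in_image() {
  local root real
  root=$(cd "$1" 2>/dev/null && pwd -P) || return 1
  real=$(cd "$root/${2#/}" 2>/dev/null && pwd -P) || return 1
  case "$real/" in
    "$root"/*) printf '%s\n' "$real" ;;
    *) return 2 ;;
  esac
}

main() {
  local image detect tarball root dir target
  image="$1"; shift
  detect="$PWD/detect.sh"
  # Step 1: let Detect build the container filesystem (the image is not run).
  rm -f "$OUT_DIR"/*_containerfilesystem.tar.gz
  "$detect" --blackduck.offline.mode=true \
    --detect.docker.image="$image" \
    --detect.docker.passthrough.output.path="$OUT_DIR" \
    --detect.tools.excluded=SIGNATURE_SCAN,POLARIS || return 1
  for tarball in "$OUT_DIR"/*_containerfilesystem.tar.gz; do break; done
  [ -f "$tarball" ] || { echo "no container filesystem in $OUT_DIR" >&2; return 1; }
  rm -rf "$FS_DIR" && mkdir -p "$FS_DIR" && tar xzf "$tarball" -C "$FS_DIR" || return 1
  for root in "$FS_DIR"/*/; do break; done     # e.g. image_<name>_v_<tag>
  # Step 2: run Detect inside each requested directory of the extracted tree.
  for dir in "$@"; do
    target=$(resolve_in_image "$root" "$dir") || {
      echo "skipping $dir: missing or resolves outside the image" >&2; continue; }
    ( cd "$target" && "$detect" --blackduck.offline.mode=true \
        --detect.tools.excluded=SIGNATURE_SCAN,POLARIS ) || return 1
  done
}

# Run only when called with an image and at least one directory.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

The Detect options here are the offline ones from the sample; replace them with your own Black Duck connection and project options for a real scan.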