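# Stage 1: Build phase
# The toolchain image comes from a build argument so that CI can pass an
# immutable reference (a release tag or an @sha256 digest). The default keeps
# the original behaviour, but `:latest` is a mutable tag: two builds of the
# same commit can run on different toolchain contents.
ARG TSUNAMI_DEVEL_IMAGE=ghcr.io/google/tsunami-scanner-devel:latest
FROM ${TSUNAMI_DEVEL_IMAGE} AS build

## build the core engine
WORKDIR /usr/repos/tsunami-security-scanner
# Copies the whole build context into the build stage; keep a .dockerignore
# beside this file so local credentials, .git and stale build output stay out.
COPY . .
RUN gradle shadowJar

## collect the artifacts that the release stage copies out
# `find -exec cp` exits 0 even when nothing matches, so check that the jar
# exists and is non-empty here rather than failing later in the release stage.
RUN mkdir -p /usr/tsunami \
    && find . -name 'tsunami-main-*.jar' -exec cp {} /usr/tsunami/tsunami.jar \; \
    && test -s /usr/tsunami/tsunami.jar \
    && cp ./tsunami_tcs.yaml /usr/tsunami/tsunami.yaml \
    && cp plugin/src/main/resources/com/google/tsunami/plugin/payload/payload_definitions.yaml /usr/tsunami/payload_definitions.yaml \
    && cp -r plugin_server/py/ /usr/tsunami/py_server

## We perform a hotpatch of the path pointing to the payload definitions file
## for easier usage in the Dockerized environment.
# sed exits 0 when the pattern is absent, which would ship a Python server that
# still points at the repository-relative path. The grep fails the build if the
# patched path is not present after the substitution.
RUN sed -i "s%'../../plugin/src/main/resources/com/google/tsunami/plugin/payload/payload_definitions.yaml'%'/usr/tsunami/payload_definitions.yaml'%g" \
      /usr/tsunami/py_server/plugin/payload/payload_utility.py \
    && grep -qF "'/usr/tsunami/payload_definitions.yaml'" \
      /usr/tsunami/py_server/plugin/payload/payload_utility.py

## generate the protos for Python plugins
# Every path below is absolute, so no further WORKDIR change is needed.
RUN python3 -m grpc_tools.protoc \
      -I/usr/repos/tsunami-security-scanner/proto \
      --python_out=/usr/tsunami/py_server/ \
      --grpc_python_out=/usr/tsunami/py_server/ \
      /usr/repos/tsunami-security-scanner/proto/*.proto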
# Stage 2: Release
# `scratch` is an empty base, so this image holds only the files copied below
# (no shell, JRE or Python interpreter of its own).
FROM scratch AS release

# Scanner jar, its configuration and the payload definitions.
COPY --from=build /usr/tsunami/tsunami.jar /usr/tsunami/tsunami.jar
COPY --from=build /usr/tsunami/tsunami.yaml /usr/tsunami/tsunami.yaml
COPY --from=build /usr/tsunami/payload_definitions.yaml /usr/tsunami/payload_definitions.yaml

# Python plugin server and the virtual environment.
# NOTE(review): nothing in this file creates /usr/tsunami/py_venv; presumably
# the devel base image provides it. Confirm against that image.
COPY --from=build /usr/tsunami/py_server/ /usr/tsunami/py_server/
COPY --from=build /usr/tsunami/py_venv/ /usr/tsunami/py_venv/