Bump to golang 1.23 (#133)
ramanan-ravi authored Nov 5, 2024
1 parent 431fd8b commit 4a4250e
Showing 15 changed files with 178 additions and 216 deletions.
6 changes: 3 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ ARG VECTORSCAN_IMG_TAG=latest
ARG VECTORSCAN_IMAGE_REPOSITORY=deepfenceio
FROM $VECTORSCAN_IMAGE_REPOSITORY/deepfence_vectorscan_build:$VECTORSCAN_IMG_TAG AS vectorscan

FROM golang:1.22-alpine3.18 AS builder
FROM golang:1.23-alpine3.20 AS builder
MAINTAINER DeepFence

RUN apk update \
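Review bot: The new builder base on the `FROM golang:1.23-alpine3.20 AS builder` line is still a mutable tag, and the vectorscan stage above it defaults to `VECTORSCAN_IMG_TAG=latest`, so two builds of this commit can produce different images. Consider pinning both by digest (`image:tag@sha256:<digest>`) while the tag is being touched anyway. Separately, `MAINTAINER` on the following line is deprecated in favour of a `LABEL`, which would be a cheap cleanup in the same change.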
Expand Down Expand Up @@ -52,7 +52,7 @@ WORKDIR /home/deepfence/src/SecretScanner
COPY . .
RUN make clean && make all

FROM alpine:3.18
FROM alpine:3.20
MAINTAINER DeepFence
LABEL deepfence.role=system

Expand All @@ -68,7 +68,7 @@ set -eux

apk update && apk add --no-cache --upgrade curl

NERDCTL_VERSION=1.4.0
NERDCTL_VERSION=1.7.7
curl -fsSLO https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz
tar Cxzvvf /usr/local/bin nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz
rm nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz
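Review bot: The nerdctl tarball fetched by the `curl -fsSLO` line is extracted straight into `/usr/local/bin` with no integrity check, and the bump to `NERDCTL_VERSION=1.7.7` changes which binary lands in the final image. Record the expected SHA-256 for each `TARGETARCH` next to the version and fail the build on a mismatch (for example with `sha256sum -c`) before the `tar` line runs.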
2 changes: 1 addition & 1 deletion Makefile
@@ -1,5 +1,5 @@
export IMAGE_REPOSITORY?=quay.io/deepfenceio
export DF_IMG_TAG?=3.0.0
export DF_IMG_TAG?=2.5.0

all: SecretScanner

Expand Down
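Review bot: `DF_IMG_TAG` in the Makefile appears to move from `3.0.0` to `2.5.0`, assuming the rendered order is old line then new line, which is a lower tag in a commit titled as a Go version bump. If the downgrade is intentional, say so in the commit message; if not, restore `3.0.0`. The README `docker run` examples show the same `3.0.0` to `2.5.0` move, so the two should be decided together.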
17 changes: 13 additions & 4 deletions README.md
Expand Up @@ -38,14 +38,23 @@ Install docker and run SecretScanner on a container image using the following in
* Build SecretScanner:
```shell
./bootstrap.sh
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 -f Dockerfile .
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 -f Dockerfile .
```

* Or, pull the latest build from docker hub by doing:
```shell
docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0
docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0
```

### Generate License Key

Run this command to generate a license key. Work/official email id has to be used.
```shell
curl https://license.deepfence.io/threatmapper/generate-license?first_name=<FIRST_NAME>&last_name=<LAST_NAME>&email=<EMAIL>&company=<ORGANIZATION_NAME>&resend_email=true
```

### Scan

* Pull a container image for scanning:
```shell
docker pull node:8.11
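Review bot: The `curl` command in the new "Generate License Key" section of the README passes the URL unquoted, so a shell ends the command at the first `&` and only `first_name` is sent; the remaining parameters never reach the server. Wrap the whole URL in quotes in the example. While here, the context line "pull the latest build from docker hub" sits above a `quay.io` pull, so the wording could be corrected in the same edit.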
Expand All @@ -57,7 +66,7 @@ docker run -i --rm --name=deepfence-secretscanner \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_secret_scanner_ce:3.0.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
--image-name node:8.11 \
--output json > node.json
```
Expand All @@ -69,7 +78,7 @@ docker run -i --rm --name=deepfence-yarahunter \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp/rules:/tmp/rules \
quay.io/deepfenceio/deepfence_secret_scanner_ce:3.0.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
--image-name node:8.11 \
--rules-path=/tmp/rules \
--output json > node.json
2 changes: 1 addition & 1 deletion agent-plugins-grpc
Submodule agent-plugins-grpc updated 2 files
+7 −8 go.mod
+14 −20 go.sum
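Review bot: The `agent-plugins-grpc` submodule bump pulls in `go.mod` and `go.sum` changes (+7 −8 and +14 −20) that cannot be reviewed from this commit. Link the submodule commit range in the PR description so the dependency changes can be checked alongside the Go 1.23 move.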
17 changes: 1 addition & 16 deletions docs/docs/secretscanner/configure/cli.md
Expand Up @@ -7,7 +7,7 @@ title: Command-Line Options
Display the command line options:

```bash
docker run -it --rm quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 --help
docker run -it --rm quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 --help
```

or, with a standalone build:
Expand Down Expand Up @@ -48,21 +48,6 @@ SecretScanner can write output as Table and JSON format

* `-output`: Output format: json or table (default "table")

### Configure GRPC Listener

SocketScanner can run persistently, listening for scan requests over GRPC, either on an HTTP endpoint or a unix socket.

:::info

### Help needed!

This functionality is out-of-date and needs refreshed
:::

* `--http-port string`: When set the http server will come up at port with df es as output
* `--socket-path string`: The gRPC server unix socket path


### Configure Scans

Scans can be fine-tuned using settings in `config.yaml`:
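Review bot: Dropping the "Configure GRPC Listener" section from cli.md removes the only description of `--http-port` and `--socket-path`, but nothing visible in this hunk shows the flags being removed from the binary. If they are still accepted, keep a one-line note that they exist and are unsupported; if they are gone, mention the removal in the commit message, since the title only refers to the Go bump.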
4 changes: 3 additions & 1 deletion docs/docs/secretscanner/configure/output.md
Expand Up @@ -10,8 +10,10 @@ SecretScanner can writes output to `stdout` it can redirected to a file for furt
# Write output to ./tmp/node-secret-scan.json

docker run -it --rm --name=deepfence_secret_scanner \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
--image-name node:latest \
# highlight-next-line
--output json > ./tmp/node-secret-scan.json
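Review bot: The added `-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key>` line in output.md teaches readers to put the license key on the command line, where it is saved in shell history and visible in process listings. Suggest documenting `-e DEEPFENCE_LICENSE` with the value exported in the environment, or `--env-file`, and using that form in the other docs pages that gain the same two lines.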
2 changes: 1 addition & 1 deletion docs/docs/secretscanner/img/secretscanner.svg
30 changes: 27 additions & 3 deletions docs/docs/secretscanner/quickstart.md
Expand Up @@ -9,7 +9,14 @@ Pull the latest SecretScanner image, and use it to scan a `node:latest` containe
## Pull the latest SecretScanner image

```bash
docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0
docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0
```

## Generate License Key

Run this command to generate a license key. Work/official email id has to be used.
```shell
curl https://license.deepfence.io/threatmapper/generate-license?first_name=<FIRST_NAME>&last_name=<LAST_NAME>&email=<EMAIL>&company=<ORGANIZATION_NAME>&resend_email=true
```

## Scan a Container Image
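Review bot: The new "Generate License Key" section in quickstart.md does not say how the key is returned. The URL carries `resend_email=true`, which suggests delivery by email, while the later examples expect the reader to paste a value into `DEEPFENCE_LICENSE` and to choose a `DEEPFENCE_PRODUCT`. Add a sentence stating where the key appears and which product value goes with a key generated from the `threatmapper` endpoint.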
Expand All @@ -20,21 +27,38 @@ Pull an image to your local repository, then scan it
docker pull node:latest

docker run -i --rm --name=deepfence-secretscanner \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
-image-name node:latest

docker rmi node:latest
```

Rules can also be cached to use next run by mounting a seperate path and passing `rules-path` argument
```shell
docker run -i --rm --name=deepfence-yarahunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp/rules:/tmp/rules \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
--image-name node:8.11 \
--rules-path=/tmp/rules \
--output json > node.json
```

## Process the results with jq

You can summarise the results by processing the JSON output, e.g. using `jq`:

```bash
docker run -i --rm --name=deepfence-secretscanner \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
--image-name node:latest \
--output json > /tmp/node-secret-scan.json

Expand Down
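Review bot: The added rules-cache example in quickstart.md is inconsistent with the rest of the page: it names the container `deepfence-yarahunter` and scans `node:8.11`, while the other commands here use `deepfence-secretscanner` and `node:latest`. Align both, fix "seperate" to "separate", and write the flag as `--rules-path` in the sentence so it matches the command below it.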
6 changes: 3 additions & 3 deletions docs/docs/secretscanner/using/build.md
Expand Up @@ -8,11 +8,11 @@ SecretScanner is a self-contained docker-based tool. Clone the [SecretScanner re

```bash
./bootstrap.sh
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 -f Dockerfile .
docker build --rm=true --tag=quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 -f Dockerfile .
```

Alternatively, you can pull the official Deepfence image at `quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0`:
Alternatively, you can pull the official Deepfence image at `quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0`:

```bash
docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0
docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0
```
56 changes: 0 additions & 56 deletions docs/docs/secretscanner/using/grpc.md

This file was deleted.

8 changes: 6 additions & 2 deletions docs/docs/secretscanner/using/scan.md
Expand Up @@ -14,8 +14,10 @@ Pull the image to your local repository, then scan it
docker pull node:latest

docker run -it --rm --name=deepfence-secretscanner \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
# highlight-next-line
--image-name node:latest

Expand All @@ -28,9 +30,11 @@ Mount the filesystem within the SecretScanner container and scan it. Here, we s

```bash
docker run -it --rm --name=deepfence-secretscanner \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
# highlight-next-line
-v /tmp:/deepfence/mnt \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.3.0 \
quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.0 \
# highlight-next-line
--host-mount-path /deepfence/mnt --local /deepfence/mnt
```
12 changes: 6 additions & 6 deletions docs/docs/secretscanner/using/standalone.md
Expand Up @@ -17,12 +17,12 @@ These instructions are out-of-date and need refreshed
## Build Instructions

1. Run bootstrap.sh
1. Install Docker
1. Install Hyperscan
1. Install go for your platform (version 1.14)
1. Install go modules, if needed: `gohs`, `yaml.v3` and `color`
1. `go get github.com/deepfence/SecretScanner` will download and build SecretScanner automatically in `$GOPATH/bin` or `$HOME/go/bin` directory. Or, clone this repository and run `go build -v -i` to build the executable in the current directory.
1. Edit config.yaml file as needed and run the secret scanner with the appropriate config file directory.
2. Install Docker
3. Install Hyperscan
4. Install go for your platform (version 1.14)
5. Install go modules, if needed: `gohs`, `yaml.v3` and `color`
6. `go get github.com/deepfence/SecretScanner` will download and build SecretScanner automatically in `$GOPATH/bin` or `$HOME/go/bin` directory. Or, clone this repository and run `go build -v -i` to build the executable in the current directory.
7. Edit config.yaml file as needed and run the secret scanner with the appropriate config file directory.

Refer to the [Install file](https://github.com/deepfence/SecretScanner/blob/master/Install.Ubuntu) for instructions on how to build on an ubuntu system.

Expand Down
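Review bot: The renumbered build steps in standalone.md still say "Install go for your platform (version 1.14)" and rely on `go get` to build the binary and on `go build -v -i`, none of which matches the Go 1.23 toolchain this commit moves to: `go get` no longer builds or installs binaries, and the `-i` flag has been removed from `go build`. Since these lines are being rewritten anyway, update them to `go install` and `go build -v`, or drop the section rather than renumbering stale text.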
3 changes: 1 addition & 2 deletions docs/sidebars.js
Expand Up @@ -30,8 +30,7 @@ const sidebars = {
items: [
'secretscanner/using/build',
'secretscanner/using/scan',
'secretscanner/using/standalone',
'secretscanner/using/grpc',
'secretscanner/using/standalone'
]
},
