Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
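Vagrant.configure("2") do |config|
  # Development VM for this project: one box, an SSH session that opens in the
  # synced project folder, and a shell provisioner that installs Go, Python,
  # semgrep and trufflehog.
  #
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  # NOTE(review): the box version is not pinned, so the base image can change
  # between `vagrant up` runs; set config.vm.box_version to a reviewed version.
  # "bionic64" presumably tracks Ubuntu 18.04 - confirm it still receives
  # security updates, or move to a supported release.
  config.vm.box = "hashicorp/bionic64"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Disable the default share of the current code directory. Doing this
  # provides improved isolation between the vagrant box and your host
  # by making sure your Vagrantfile isn't accessible to the vagrant box.
  # If you use this you may want to enable additional shared subfolders as
  # shown above.
  # config.vm.synced_folder ".", "/vagrant", disabled: true

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Open the project folder on `vagrant ssh`: -t forces a TTY so the remote
  # command can start an interactive login shell in /vagrant.
  config.ssh.extra_args = ["-t", "cd /vagrant; bash --login"]

  # Versions and target platform consumed by the provisioning script below.
  provision_env = {
    "GO_TARBALL_NAME" => "go1.22.2.linux-amd64.tar.gz",
    "TRUFFLEHOG_VER" => "3.79.0",
    "TARGETOS" => "linux",
    "TARGETARCH" => "amd64"
  }

  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  #
  # The script writes to /usr/local and /usr/bin, so everything it downloads
  # is installed with root privileges inside the guest. This heredoc is an
  # interpolating Ruby string: a backslash before "$" is dropped by Ruby
  # before the shell ever sees the text.
  config.vm.provision "shell", env: provision_env, inline: <<-SHELL
    apt-get update && apt-get -y upgrade

    # install golang
    # NOTE(review): the Go tarball is unpacked into /usr/local without any
    # integrity check. Pin the published SHA-256 of this exact release and
    # verify it with sha256sum -c before the tar step.
    # curl -f fails on an HTTP error instead of saving the error page, and the
    # existing /usr/local/go tree is removed only once the download succeeded.
    curl -fsSLO "https://storage.googleapis.com/golang/${GO_TARBALL_NAME}" && \
      rm -rf /usr/local/go && \
      tar -C /usr/local -xzf "${GO_TARBALL_NAME}" && \
      rm "${GO_TARBALL_NAME}"

    touch /home/vagrant/.bash_profile
    # Single quotes keep $PATH and $HOME literal in the profile, so they are
    # expanded at login by the vagrant user rather than once, at provision
    # time, by the provisioning shell.
    echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/vagrant/.bash_profile
    # setup scanio core path
    echo 'export PATH=$PATH:$HOME/.local/bin' >> /home/vagrant/.bash_profile

    # install python
    apt-get install -y python3.8
    pip3 install --upgrade pip
    update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 20

    # install semgrep
    # NOTE(review): semgrep is not pinned, so every provision may install a
    # different release system-wide; pin a reviewed version.
    python3 -m pip install semgrep

    # install trufflehog
    # The archive is checked against the checksums file of the same release.
    # That catches a corrupted or truncated download, but both files share one
    # origin, so it does not authenticate the release itself.
    # An empty checksum (failed fetch, no matching line) stops the chain
    # before anything is unpacked.
    # NOTE(review): the last step runs trufflehog without a path argument,
    # presumably as a smoke test, and its exit status becomes the status of
    # the whole script - confirm that is intended.
    cd /tmp
    export TRUFFLEHOG_ARCHIVE="trufflehog_${TRUFFLEHOG_VER}_${TARGETOS}_${TARGETARCH}.tar.gz" && \
    export TRUFFLEHOG_SHA="$(curl -fsSL "https://github.com/trufflesecurity/trufflehog/releases/download/v${TRUFFLEHOG_VER}/trufflehog_${TRUFFLEHOG_VER}_checksums.txt" | grep -F "${TRUFFLEHOG_ARCHIVE}" | awk '{print $1}')" && \
    [ -n "${TRUFFLEHOG_SHA}" ] && \
    curl -fsSLO "https://github.com/trufflesecurity/trufflehog/releases/download/v${TRUFFLEHOG_VER}/${TRUFFLEHOG_ARCHIVE}" && \
    echo "${TRUFFLEHOG_SHA}  ${TRUFFLEHOG_ARCHIVE}" | sha256sum -c - && \
    tar -xzf "${TRUFFLEHOG_ARCHIVE}" && \
    rm -rf "${TRUFFLEHOG_ARCHIVE}" && \
    mv trufflehog /usr/local/bin && \
    trufflehog filesystem
  SHELL
end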