Gotea/grype
1
0
Fork 0
mirror of https://github.com/anchore/grype.git synced 2026-04-21 10:55:58 +02:00
Code Issues Projects Releases Wiki Activity

use non root user for images (#2716)

Browse Source 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Alex Goodman
2025-06-06 12:06:36 -04:00
committed by GitHub
parent 1273ca366e
commit 510937fdbc
3 changed files with 17 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
.goreleaser.yaml
View File

@@ -94,10 +94,10 @@ brews:
dockers:
- image_templates:
- anchore/grype:debug
- anchore/grype:{{.Tag}}-debug
- ghcr.io/anchore/grype:debug
- ghcr.io/anchore/grype:{{.Tag}}-debug
- anchore/grype:debug-amd64
- anchore/grype:{{.Tag}}-debug-amd64
- ghcr.io/anchore/grype:debug-amd64
- ghcr.io/anchore/grype:{{.Tag}}-debug-amd64
goarch: amd64
dockerfile: Dockerfile.debug
use: buildx
@@ -154,10 +154,10 @@ dockers:
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- anchore/grype:latest
- anchore/grype:{{.Tag}}
- ghcr.io/anchore/grype:latest
- ghcr.io/anchore/grype:{{.Tag}}
- anchore/grype:latest-amd64
- anchore/grype:{{.Tag}}-amd64
- ghcr.io/anchore/grype:latest-amd64
- ghcr.io/anchore/grype:{{.Tag}}-amd64
goarch: amd64
dockerfile: Dockerfile
use: buildx
@@ -210,41 +210,42 @@ dockers:
docker_manifests:
- name_template: anchore/grype:latest
image_templates:
- anchore/grype:{{.Tag}}
- anchore/grype:{{.Tag}}-amd64
- anchore/grype:{{.Tag}}-arm64v8
- anchore/grype:{{.Tag}}-ppc64le
- anchore/grype:{{.Tag}}-s390x
- name_template: anchore/grype:debug
- anchore/grype:{{.Tag}}-debug
image_templates:
- anchore/grype:{{.Tag}}-debug-amd64
- anchore/grype:{{.Tag}}-debug-arm64v8
- anchore/grype:{{.Tag}}-debug-ppc64le
- anchore/grype:{{.Tag}}-debug-s390x
- name_template: anchore/grype:{{.Tag}}
image_templates:
- anchore/grype:{{.Tag}}
- anchore/grype:{{.Tag}}-amd64
- anchore/grype:{{.Tag}}-arm64v8
- anchore/grype:{{.Tag}}-ppc64le
- anchore/grype:{{.Tag}}-s390x
- name_template: ghcr.io/anchore/grype:latest
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}
- ghcr.io/anchore/grype:{{.Tag}}-amd64
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
- ghcr.io/anchore/grype:{{.Tag}}-s390x
- name_template: ghcr.io/anchore/grype:debug
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}-debug
- ghcr.io/anchore/grype:{{.Tag}}-debug-amd64
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
- ghcr.io/anchore/grype:{{.Tag}}-debug-ppc64le
- ghcr.io/anchore/grype:{{.Tag}}-debug-s390x
- name_template: ghcr.io/anchore/grype:{{.Tag}}
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}
- ghcr.io/anchore/grype:{{.Tag}}-amd64
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
- ghcr.io/anchore/grype:{{.Tag}}-ppc64le
- ghcr.io/anchore/grype:{{.Tag}}-s390x

6
Dockerfile
View File

@@ -1,8 +1,4 @@
FROM gcr.io/distroless/static-debian12:latest AS build
FROM scratch
# needed for version check HTTPS request
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
FROM gcr.io/distroless/static-debian12:nonroot
# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp

2
Dockerfile.debug
View File

@@ -1,4 +1,4 @@
FROM gcr.io/distroless/static-debian12:debug
FROM gcr.io/distroless/static-debian12:debug-nonroot
# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp