deployment/docker/Makefile: added docker-scan (#2916)

* deployment/docker/Makefile: added docker-scan docker-scan based on native 'docker scan' function that use snyk.io, see https://docs.docker.com/engine/scan/ * set to call 'docker-scan after release binaries but before publishing
2025-01-20 15:29:24 +01:00 · 2022-08-02 09:54:39 +03:00 · 2022-08-02 09:54:39 +03:00 · 9b4024cd62
commit 9b4024cd62
parent f2e56f0dfd
2 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@ -73,7 +73,7 @@ vmcluster-crossbuild: \
 	vmcluster-freebsd-amd64 \
 	vmcluster-openbsd-amd64

-publish: \
+publish: docker-scan \
 	publish-vminsert \
 	publish-vmselect \
 	publish-vmstorage
--- a/deployment/docker/Makefile
+++ b/deployment/docker/Makefile
@ -16,6 +16,9 @@ package-base:
 			--tag $(BASE_IMAGE) \
 			deployment/docker/base

+docker-scan: package-base
+	docker scan --accept-license $(BASE_IMAGE) || (echo "❌ The build has been terminated because critical vulnerabilities were found in $(BASE_IMAGE)"; exit 1)
+
 package-builder:
 	(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BUILDER_IMAGE)$$') \
 		|| docker build \