7336b17f79
Build and push soc-collector / build (push) Successful in 31s
A single Docker image, configured entirely by env vars (SOC_URL + SOC_TOKEN + targets). Runs once and exits; schedule with cron. Four self-skipping sources: - surface nmap open-port/service scan (SOC_TARGETS) - cve Trivy HIGH/CRITICAL scan of running images (Docker socket) - tls cert-expiry / weak-TLS / missing-headers (SOC_DOMAINS) - config 0.0.0.0 binds, --privileged, rw docker-socket mounts (Docker socket) Stable slugs per source so SOC Center versions/diffs/alerts. Pure stdlib; image adds nmap + trivy. MIT, intended as a public Ethica repo.
20 lines
693 B
Docker
20 lines
693 B
Docker
FROM python:3.12-slim
|
|
|
|
ENV PYTHONUNBUFFERED=1 PYTHONDONTWRITEBYTECODE=1 \
|
|
DOCKER_HOST=unix:///var/run/docker.sock
|
|
|
|
# nmap for the attack-surface scan; trivy for container CVEs (it reaches the
|
|
# Docker daemon via DOCKER_HOST, so no docker CLI is needed). The collector
|
|
# itself is pure stdlib Python — no pip deps.
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends nmap ca-certificates wget \
|
|
&& wget -qO- https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
|
|
| sh -s -- -b /usr/local/bin \
|
|
&& apt-get purge -y wget && apt-get autoremove -y \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
COPY . .
|
|
|
|
ENTRYPOINT ["python", "collector.py"]
|