feat: add the ability to select the images to be check from registry in order to integrate in ci

Signed-off-by: Anthony Roger <aroger@softwaymedical.fr>

docker-bench-security.sh

@@ -46,13 +46,14 @@ usage () {
   -e CHECK     optional  Comma delimited list of specific check(s) to exclude
   -i INCLUDE   optional  Comma delimited list of patterns within a container name to check
   -x EXCLUDE   optional  Comma delimited list of patterns within a container name to exclude from check
+  -t TARGET    optional  Comma delimited list of images name to check.
 EOF
 }
 
 # Get the flags
 # If you add an option here, please
 # remember to update usage() above.
-while getopts bhl:c:e:i:x: args
+while getopts bhl:c:e:i:x:t: args
 do
   case $args in
   b) nocolor="nocolor";;
@@ -62,6 +63,7 @@ do
   e) checkexclude="$OPTARG" ;;
   i) include="$OPTARG" ;;
   x) exclude="$OPTARG" ;;
+  t) imgList="$OPTARG" ;;
   *) usage; exit 1 ;;
   esac
 done

tests/4_container_images.sh

@@ -1,6 +1,19 @@
 #!/bin/sh
 
-images=$(docker images -q)
+if [ -n "$imgList" ]; then
+    pattern=$(echo "$imgList" | sed 's/,/ /g')
+    for img in $pattern; do
+      echo "Looking for image $img"
+      sha256=$(docker image ls "$img" -q)
+      if [ -z "$sha256" ]; then
+        echo "Image $img not found. Exiting."
+        exit 1
+      fi
+      images="$images $sha256 "
+    done 
+else
+  images=$(docker images -q)  
+fi
 
 check_4() {
   logit "\n"