From 1dd7956760a014caa67f0931717258a7a70b6366 Mon Sep 17 00:00:00 2001 From: Anthony Roger Date: Tue, 11 Dec 2018 11:47:06 +0100 Subject: [PATCH] feat: add the ability to select the images to be check from registry in order to integrate in ci Signed-off-by: Anthony Roger --- docker-bench-security.sh | 4 +++- tests/4_container_images.sh | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/docker-bench-security.sh b/docker-bench-security.sh index 953aee0..4e422e0 100755 --- a/docker-bench-security.sh +++ b/docker-bench-security.sh @@ -46,13 +46,14 @@ usage () { -e CHECK optional Comma delimited list of specific check(s) to exclude -i INCLUDE optional Comma delimited list of patterns within a container name to check -x EXCLUDE optional Comma delimited list of patterns within a container name to exclude from check + -t TARGET optional Comma delimited list of images name to check. EOF } # Get the flags # If you add an option here, please # remember to update usage() above. -while getopts bhl:c:e:i:x: args +while getopts bhl:c:e:i:x:t: args do case $args in b) nocolor="nocolor";; @@ -62,6 +63,7 @@ do e) checkexclude="$OPTARG" ;; i) include="$OPTARG" ;; x) exclude="$OPTARG" ;; + t) imgList="$OPTARG" ;; *) usage; exit 1 ;; esac done diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh index 4dbace6..47796d6 100644 --- a/tests/4_container_images.sh +++ b/tests/4_container_images.sh @@ -1,6 +1,19 @@ #!/bin/sh -images=$(docker images -q) +if [ -n "$imgList" ]; then + pattern=$(echo "$imgList" | sed 's/,/ /g') + for img in $pattern; do + echo "Looking for image $img" + sha256=$(docker image ls "$img" -q) + if [ -z "$sha256" ]; then + echo "Image $img not found. Exiting." + exit 1 + fi + images="$images $sha256 " + done +else + images=$(docker images -q) +fi check_4() { logit "\n"