deployment/docker/Makefile: added docker-scan (#2916)

* deployment/docker/Makefile: added docker-scan docker-scan based on native 'docker scan' function that use snyk.io, see https://docs.docker.com/engine/scan/ * set to call 'docker-scan after release binaries but before publishing
2024-11-21 14:44:00 +00:00 · 2022-08-02 09:54:39 +03:00 · 2022-08-02 09:54:39 +03:00 · 5d364545bd
commit 5d364545bd
parent bf65709540
2 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@ -29,7 +29,7 @@ all: \
 clean:
 	rm -rf bin/*

-publish: \
+publish: docker-scan \
 	publish-victoria-metrics \
 	publish-vmagent \
 	publish-vmalert \
--- a/deployment/docker/Makefile
+++ b/deployment/docker/Makefile
@ -16,6 +16,9 @@ package-base:
 			--tag $(BASE_IMAGE) \
 			deployment/docker/base

+docker-scan: package-base
+	docker scan --accept-license $(BASE_IMAGE) || (echo "❌ The build has been terminated because critical vulnerabilities were found in $(BASE_IMAGE)"; exit 1)
+
 package-builder:
 	(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BUILDER_IMAGE)$$') \
 		|| docker build \