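# Stage "builder": the upstream OWASP ZAP image, used only as a source for the
# COPY --from=builder instructions in the final stage.
# NOTE(review): the default reference has no tag or digest, so each build pulls
# whatever the registry currently serves under that name. Pin it for
# reproducible, auditable builds, e.g.
#   docker build --build-arg ZAP_IMAGE=owasp/zap2docker-stable@sha256:<PINNED_DIGEST> .
ARG ZAP_IMAGE=owasp/zap2docker-stable
FROM ${ZAP_IMAGE} AS builder

# Stage "final": the image that is actually shipped.
FROM ubuntu:22.04 AS final
# Build-time only: keeps apt non-interactive without persisting the setting
# into the runtime environment.
ARG DEBIAN_FRONTEND=noninteractive
# Register the deadsnakes PPA (presumably the source of the python3.11 packages
# installed below) and remove the distribution's Python packages.
# NOTE(review): a PPA is a third-party package source outside the Ubuntu
# archive; packages installed from it are trusted with root at build time.
# The glob is quoted so the shell can never expand it against files in the
# working directory, and the apt lists are dropped in the same layer.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository -y ppa:deadsnakes/ppa \
    && apt-get remove -y 'python*' \
    && rm -rf /var/lib/apt/lists/*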
# OS packages for the final stage, one per line and sorted so additions and
# removals are easy to spot in review: C/C++ build toolchain, Java 11,
# Python 3.11, X11/VNC tooling, and WireGuard/networking utilities.
# NOTE(review): --fix-missing tells apt to carry on when a package cannot be
# retrieved or fails its integrity check, so a build can succeed with a package
# silently absent — confirm this is intended.
# NOTE(review): compilers and network tools stay in the shipped image; if they
# are only needed to build Python wheels, a separate build stage would keep
# them out of the runtime attack surface.
RUN apt-get update \
    && apt-get install -q -y --fix-missing \
        autoconf \
        automake \
        curl \
        g++ \
        gcc \
        git \
        iproute2 \
        make \
        net-tools \
        openbox \
        openjdk-11-jdk \
        openresolv \
        python-is-python3 \
        python3-pip \
        python3.11 \
        python3.11-dev \
        unzip \
        virtualenv \
        wget \
        wireguard-tools \
        x11vnc \
        xmlstarlet \
        xterm \
        xvfb \
    && rm -rf /var/lib/apt/lists/*
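# Python dependencies for the agent, installed into an isolated virtualenv at
# /venv. No WORKDIR has been set in this stage yet, so the manifest is copied
# relative to the base image's default working directory.
# NOTE(review): requirement.txt is not visible here — confirm it pins exact
# versions (ideally with hashes) so the resolved set cannot drift between builds.
COPY requirement.txt .
# --no-cache-dir keeps pip's download cache out of the image layer.
RUN python3.11 -m virtualenv -p python3.11 /venv \
    && /venv/bin/python3.11 -m pip install --no-cache-dir --upgrade pip \
    && /venv/bin/python3.11 -m pip install --no-cache-dir -r requirement.txt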
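# Unprivileged account (UID 1000) that owns the ZAP installation under /zap.
# Deliberately no chpasswd step: useradd leaves the account locked for password
# login, and a fixed password baked into a layer is readable by anyone who can
# pull the image.
RUN useradd -u 1000 -d /home/zap -m -s /bin/bash zap \
    && mkdir /zap \
    && chown zap:zap /zap
WORKDIR /zap
# Change to the zap user so things get done as the right person (apart from copy)
USER zap
RUN mkdir /home/zap/.vnc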
# Bring the stable ZAP release over from the builder stage into the current
# WORKDIR, owned by UID/GID 1000 (the zap account).
COPY --from=builder --chown=1000:1000 /zap .
COPY --from=builder --chown=1000:1000 /zap/webswing /zap/webswing

# NOTE(review): TARGETARCH is filled in automatically by BuildKit; with a
# builder that does not supply it the value is empty and JAVA_HOME would end in
# "java-11-openjdk-" — confirm the build always runs under BuildKit.
ARG TARGETARCH
# JAVA_HOME and PATH stay in separate instructions because PATH expands the
# JAVA_HOME value set by the previous one.
ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-$TARGETARCH
ENV PATH=/venv/bin:$JAVA_HOME/bin:/zap/:$PATH
# Runtime settings; ZAP_PORT is the default port used by the health check.
ENV ZAP_PATH=/zap/zap.sh \
    ZAP_PORT=8080 \
    IS_CONTAINERIZED=true \
    HOME=/home/zap/ \
    LC_ALL=C.UTF-8 \
    LANG=C.UTF-8

# Scan policies shipped with the upstream image.
# NOTE(review): the second copy places files under /root but owned by UID 1000.
COPY --from=builder --chown=1000:1000 /home/zap/.ZAP/policies /home/zap/.ZAP/policies/
COPY --from=builder --chown=1000:1000 /root/.ZAP/policies /root/.ZAP/policies/
# The scan script loads the scripts from dev home dir.
COPY --from=builder --chown=1000:1000 /home/zap/.ZAP_D/scripts /home/zap/.ZAP_D/scripts/
COPY --from=builder --chown=1000:1000 /home/zap/.xinitrc /home/zap/
RUN chmod a+x /home/zap/.xinitrc

# Container is reported healthy once an HTTP request to ZAP_PORT on localhost succeeds.
HEALTHCHECK CMD curl --silent --output /dev/null --fail http://localhost:$ZAP_PORT/ || exit 1
# Agent layer: switch back to root, install the agent code under /app and
# create ZAP's working directory.
# NOTE(review): no USER instruction follows, so the CMD process starts as root
# unless the runtime overrides the user. Presumably needed for the
# WireGuard/iproute2 tooling installed earlier — confirm, and otherwise drop
# back to the zap user before CMD.
USER root
RUN mkdir -p /app/agent /zap/wrk
ENV PYTHONPATH=/app
COPY agent /app/agent
COPY ostorlab.yaml /app/agent/ostorlab.yaml
WORKDIR /app
# Exec form: the Python interpreter is started directly, without a wrapping shell.
CMD ["/venv/bin/python3.11", "/app/agent/zap_agent.py"]