mirror of
https://github.com/securego/gosec.git
synced 2025-01-12 04:45:53 +00:00
3eba7b8a3e
I'm trying to scan a project which has dependencies which are private projects. When Go tries to fetch the dependencies it normally uses HTTPS, but that doesn't work if they're private (terminal prompts disabled, can't enter username/password). So you do this little trick with git configuration to get Go to fetch dependencies over ssh: `GIT_CONFIG_PARAMETERS=url.ssh://git@github.com/.insteadOf=https://github.com/` unfortunately the docker image doesn't have ssh installed so this doesn't work :)
15 lines
473 B
Docker
15 lines
473 B
Docker
ARG GO_VERSION
|
|
FROM golang:${GO_VERSION}-alpine AS builder
|
|
RUN apk add --update --no-cache ca-certificates make git curl gcc libc-dev
|
|
RUN mkdir -p /build
|
|
WORKDIR /build
|
|
COPY . /build/
|
|
RUN go mod download
|
|
RUN make build-linux
|
|
|
|
FROM golang:${GO_VERSION}-alpine
|
|
RUN apk add --update --no-cache ca-certificates bash git gcc libc-dev openssh
|
|
ENV GO111MODULE on
|
|
COPY --from=builder /build/gosec /bin/gosec
|
|
COPY entrypoint.sh /bin/entrypoint.sh
|
|
ENTRYPOINT ["/bin/entrypoint.sh"]
|