Merge pull request #288 from anchore/syft_docker_image

Add the ability to run syft from a scratch image.

.github/workflows/release.yaml

@@ -106,6 +106,12 @@ jobs:
             ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-
             ${{ runner.os }}-go-${{ env.GO_VERSION }}-
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.TOOLBOX_DOCKER_USER }}
+          password: ${{ secrets.TOOLBOX_DOCKER_PASS }}
+
       - name: Import GPG key
         id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v2

.goreleaser.yaml

@@ -47,6 +47,22 @@ builds:
       -X github.com/anchore/syft/internal/version.buildDate={{.Date}}
       -X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
 
+dockers:
+  -
+    # Docker image name and tags
+    image_templates:
+    - "anchore/syft:latest"
+    - "anchore/syft:{{ .Version }}"
+    - "anchore/syft:{{ .Major }}.{{ .Minor }}"
+    - "anchore/syft:{{ .Major }}"
+    
+    # name of binary to release.
+    binaries:
+    - syft
+
+    # path to Dockerfile.
+    dockerfile: Dockerfile
+
 archives:
   - format: tar.gz
     builds:

Dockerfile

@@ -0,0 +1,20 @@
+FROM alpine:latest AS build
+
+# add required ca-certificates for https request.
+RUN apk --no-cache add ca-certificates
+
+# create empty directory for scratch image cache.
+RUN mkdir -p /tmp-syft
+
+# reduce container image to scratch size.
+FROM scratch
+
+# Copy directories and files needed to execute syft.
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /tmp-syft /tmp
+
+# copy syft binary to rootfs
+COPY syft /
+
+# default path
+ENTRYPOINT ["/syft"]

README.md

@@ -69,6 +69,14 @@ brew tap anchore/syft
 brew install syft
 ```
 
+**Container Image**
+
+
+```bash
+
+docker run -v /var/run/docker.sock:/var/run/docker.sock anchore/syft:latest -o json alpine:latest
+```
+
 ## Configuration
 
 Configuration search paths: