# Base image: the official Playwright Python image, which already carries the
# browsers and their system libraries.
# NOTE(review): the tag is fixed but the digest is not; appending
# @sha256:<digest-placeholder> would make the base immutable between rebuilds.
FROM mcr.microsoft.com/playwright/python:v1.44.0-jammy AS base

LABEL maintainer="security-team@yourcompany.com" \
      description="Vulnerability Scanning Orchestrator"

# PYTHONUNBUFFERED=1 sends Python output straight to the terminal/logs without
# buffering; TERM is set to xterm-256color for processes in the container.
ENV PYTHONUNBUFFERED=1 \
    TERM=xterm-256color
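# ── System deps + security tools ────────────────
# The NodeSource setup script is saved to a file and then executed rather than
# piped into bash: the default /bin/sh has no pipefail, so with `curl | bash`
# a failed or truncated download would not stop the build.
# NOTE(review): the setup script is still executed as root without an integrity
# check, and @bonsai-ai/cli is installed unpinned; pin a reviewed release
# (npm install -g @bonsai-ai/cli@<version-placeholder>) for reproducible builds.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        gnupg \
        nmap \
        unzip \
        wget \
    && curl -fsSL https://deb.nodesource.com/setup_20.x -o /tmp/nodesource_setup.sh \
    && bash /tmp/nodesource_setup.sh \
    && apt-get install -y --no-install-recommends nodejs \
    && npm install -g @bonsai-ai/cli \
    # Drop the npm download cache in the same layer so it never reaches the image.
    && npm cache clean --force \
    && rm -rf /tmp/nodesource_setup.sh /var/lib/apt/lists/*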
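# ── Install Go (needed for nuclei, httpx, ffuf) ─
ENV GOLANG_VERSION=1.22.4
# Optional integrity check for the Go tarball. Supply the published digest with
#   --build-arg GOLANG_SHA256=<sha256-placeholder>
# Left empty (the default), the build proceeds as before and prints a warning.
ARG GOLANG_SHA256=""
RUN wget -q -O /tmp/go.tgz "https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz" \
    && if [ -n "${GOLANG_SHA256}" ]; then \
         echo "${GOLANG_SHA256}  /tmp/go.tgz" | sha256sum -c -; \
       else \
         echo "WARNING: GOLANG_SHA256 not set; Go tarball was not verified" >&2; \
       fi \
    && tar -C /usr/local -xzf /tmp/go.tgz \
    && rm /tmp/go.tgz
# NOTE(review): /home/scanner/go/bin precedes the system directories, yet GOBIN
# below sends `go install` output to /usr/local/bin, so nothing visible in this
# file installs there. A user-writable directory early in PATH can shadow system
# binaries; confirm it is needed or move it to the end.
ENV PATH="/usr/local/go/bin:/home/scanner/go/bin:${PATH}"
# Binaries built by `go install` land in /usr/local/bin.
ENV GOBIN=/usr/local/bin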
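# ── Install security tools via Go ───────────────
# Each tool version is a build argument so a release can be pinned, e.g.
#   --build-arg NUCLEI_VERSION=<tag-placeholder>
# The defaults keep the previous behaviour (@latest), which makes the image
# contents depend on the build date; pin reviewed tags for reproducible builds.
ARG NUCLEI_VERSION=latest
ARG HTTPX_VERSION=latest
ARG FFUF_VERSION=latest
RUN go install "github.com/projectdiscovery/nuclei/v3/cmd/nuclei@${NUCLEI_VERSION}" \
    && go install "github.com/projectdiscovery/httpx/cmd/httpx@${HTTPX_VERSION}" \
    && go install "github.com/ffuf/ffuf/v2@${FFUF_VERSION}" \
    # The binaries are already in GOBIN; remove the build and module caches in
    # the same layer so they are not shipped in the image.
    && go clean -cache -modcache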
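# ── Update Nuclei templates ─────────────────────
# Best-effort: a failed update does not fail the build, but it is now reported
# on stderr instead of being silently discarded by `|| true`.
# NOTE(review): this runs as root at build time while the container runs as
# `scanner`; presumably nuclei stores templates under the invoking user's home,
# in which case the runtime user would not see them. Confirm where they land.
RUN nuclei -update-templates -silent \
    || echo "WARNING: nuclei template update failed; continuing without refreshed templates" >&2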
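# ── Install SecLists wordlists ──────────────────
# The clone takes whatever the default branch points at on the build date, so
# the resolved commit is written to .source-commit for provenance. The .git
# directory is then removed in the same layer to keep it out of the image.
# NOTE(review): pin a reviewed commit or tag for reproducible builds.
RUN git clone --depth 1 \
        https://github.com/danielmiessler/SecLists.git \
        /usr/share/seclists \
    && git -C /usr/share/seclists rev-parse HEAD > /usr/share/seclists/.source-commit \
    && rm -rf /usr/share/seclists/.git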
# ── Python dependencies ─────────────────────────
WORKDIR /app
# The requirements file is copied on its own, ahead of the full source, so that
# source edits alone do not invalidate the pip layer.
COPY requirements.txt ./
# Browsers come with the base image, so `playwright install` is not run here.
RUN pip install --no-cache-dir --requirement requirements.txt

# ── Application code ────────────────────────────
# NOTE(review): this copies the whole build context. No .dockerignore is visible
# from here; confirm one excludes .git, .env and any local scan output or
# credentials so they are not baked into the image.
COPY . ./
# ── Non-root user for safety ────────────────────
# All earlier steps ran as root; from here on the image runs as the unprivileged
# `scanner` account. /app was copied without --chown, so its files stay
# root-owned and are not writable by this user.
# NOTE(review): no fixed UID is assigned; orchestrators that verify non-root by
# numeric UID may need one. Confirm against the deployment target.
RUN useradd --create-home scanner
USER scanner

# Exec form: python is the container's main process, and CMD supplies default
# arguments that can be overridden at `docker run`.
ENTRYPOINT ["python", "main.py"]
CMD ["--config", "config.yaml", "--profile", "standard"]