forked from crytic/slither
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
71 lines (57 loc) · 2.32 KB
/
Dockerfile
File metadata and controls
71 lines (57 loc) · 2.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# syntax=docker/dockerfile:1.12
FROM ubuntu:jammy AS final
LABEL name=slither \
src="https://github.com/trailofbits/slither" \
creator=trailofbits \
dockerfile_maintenance=trailofbits \
desc="Static Analyzer for Solidity"
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates curl git python3 python3-pip python3-venv \
&& rm -rf /var/lib/apt/lists/*
# Install uv if available for this architecture (amd64/arm64)
# uv doesn't support armv7, so those builds will use pip instead
RUN arch=$(uname -m) && \
if [ "$arch" = "x86_64" ] || [ "$arch" = "aarch64" ]; then \
curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR=/usr/local/bin sh; \
fi
# improve compatibility with amd64 solc in non-amd64 environments (e.g. Docker Desktop on M1 Mac)
ENV QEMU_LD_PREFIX=/usr/x86_64-linux-gnu
RUN if [ ! "$(uname -m)" = "x86_64" ]; then \
export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends libc6-amd64-cross \
&& rm -rf /var/lib/apt/lists/*; fi
# Install build tools only on armv7 (needed for pip to compile wheels)
# amd64/arm64 use uv with pre-built wheels, so they don't need these
RUN arch=$(uname -m) && \
if [ "$arch" = "armv7l" ]; then \
export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get install -y --no-install-recommends build-essential python3-dev && \
rm -rf /var/lib/apt/lists/*; \
fi
RUN useradd -m slither
USER slither
WORKDIR /home/slither/slither
# Copy dependency files first for layer caching
COPY --chown=slither:slither pyproject.toml uv.lock ./
# Install dependencies - use uv if available (with lockfile), pip otherwise
RUN if command -v uv >/dev/null 2>&1; then \
uv sync --frozen --no-install-project; \
else \
python3 -m venv .venv; \
fi
# Copy source code
COPY --chown=slither:slither . .
# Install the project itself and solc-select
RUN if command -v uv >/dev/null 2>&1; then \
uv sync --frozen && \
uv tool install solc-select; \
else \
. .venv/bin/activate && \
pip install --no-cache-dir -e . solc-select; \
fi
ENV PATH="/home/slither/slither/.venv/bin:/home/slither/.local/bin:${PATH}"
RUN solc-select use latest --always-install
CMD ["/bin/bash"]