-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
104 lines (82 loc) · 2.65 KB
/
Dockerfile
File metadata and controls
104 lines (82 loc) · 2.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# Security Audit Agent - Production Dockerfile
# Multi-stage build for optimized image size
# =============================================================================
# Stage 1: Build Stage
# =============================================================================
FROM node:18-bullseye-slim AS builder
WORKDIR /app
# Copy package files
COPY package*.json ./
# Install dependencies (including dev dependencies for build)
RUN npm ci
# Copy source code
COPY tsconfig.json ./
COPY src/ ./src/
COPY scripts/ ./scripts/
# Build TypeScript
RUN npm run build
# =============================================================================
# Stage 2: Production Stage
# =============================================================================
FROM node:18-bullseye AS production
# Set environment
ENV NODE_ENV=production
ENV DEBIAN_FRONTEND=noninteractive
WORKDIR /app
# Install system dependencies and security tools
RUN apt-get update && apt-get install -y --no-install-recommends \
# Core utilities
curl \
wget \
git \
ca-certificates \
gnupg \
# Security tools
nmap \
dirb \
nikto \
sqlmap \
hydra \
sslscan \
# Build dependencies for native modules
python3 \
make \
g++ \
# Cleanup
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install testssl.sh
RUN git clone --depth 1 https://github.com/drwetter/testssl.sh.git /opt/testssl.sh \
&& ln -s /opt/testssl.sh/testssl.sh /usr/local/bin/testssl.sh \
&& chmod +x /opt/testssl.sh/testssl.sh
# Install nuclei (Go-based scanner)
RUN curl -L https://github.com/projectdiscovery/nuclei/releases/latest/download/nuclei_linux_amd64.zip -o /tmp/nuclei.zip \
&& unzip /tmp/nuclei.zip -d /usr/local/bin/ \
&& rm /tmp/nuclei.zip \
&& chmod +x /usr/local/bin/nuclei \
|| echo "Nuclei installation skipped (optional)"
# Copy package files
COPY package*.json ./
# Install production dependencies only
RUN npm ci --only=production
# Copy built application from builder stage
COPY --from=builder /app/dist ./dist
# Copy additional files
COPY .env.example ./.env.example
COPY scripts/ ./scripts/
# Create necessary directories
RUN mkdir -p data logs reports writeup models
# Create non-root user for security
RUN groupadd -r agent && useradd -r -g agent agent \
&& chown -R agent:agent /app
# Switch to non-root user
USER agent
# Expose ports
# 3000 - Monitoring server
# 3001 - Agent API (if applicable)
EXPOSE 3000 3001
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
# Default command (can be overridden)
CMD ["node", "dist/index.js"]