From 78327fc62d58c7b1b57732f6652376407868f8ac Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Wed, 16 Mar 2022 01:15:10 +0300
Subject: [PATCH 1/3] tools
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 21830a0..e363b27 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-FROM registry.cyberbrain.pw/docker/grype:latest AS base
+FROM registry.cyberbrain.pw/tools/docker/grype:latest AS base
-FROM registry.cyberbrain.pw/docker/alpine:latest AS common
+FROM registry.cyberbrain.pw/tools/docker/alpine:latest AS common
 FROM common AS executor
 COPY --from=base /grype /grype
-- 
GitLab
From 0a7158c8c55eaf81884404626f52bc757116a056 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Wed, 16 Mar 2022 01:17:54 +0300
Subject: [PATCH 2/3] fix
---
 .hadolint.yaml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .hadolint.yaml
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..cece24b
--- /dev/null
+++ b/.hadolint.yaml
@@ -0,0 +1,2 @@
+ignored:
+ - DL3007
-- 
GitLab
From d0908e4bbe660eb6287cce138f920a4f244cb1e3 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Wed, 16 Mar 2022 01:36:02 +0300
Subject: [PATCH 3/3] fix
---
 Dockerfile | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e363b27..a3d444d 100644
--- a/Dockerfile
+++ b/Dockerfile
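Review bot: Listing DL3007 under `ignored:` in the new `.hadolint.yaml` turns the rule off for every `FROM` in the repository, so any stage added later that pulls an image by `:latest` will pass lint without notice. If the floating tag is meant only for the two internal `registry.cyberbrain.pw/tools/docker/*` bases, an inline `# hadolint ignore=DL3007` above each of those `FROM` lines keeps the exception scoped to them. Either way the file should carry a comment stating why the rule is suppressed, for example `# DL3007 ignored: <reason the internal bases are tracked by latest>`. Pinning the bases by tag or digest would remove the need for the exception altogether.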
@@ -3,19 +3,26 @@ FROM registry.cyberbrain.pw/tools/docker/grype:latest AS base
 FROM registry.cyberbrain.pw/tools/docker/alpine:latest AS common
 FROM common AS executor
-COPY --from=base /grype /grype
-RUN chmod +x /grype; /grype db update -v
+ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
+ GRYPE_DB_CACHE_DIR="/tmp/db" \
+ GRYPE_DB_AUTO_UPDATE="false"
+COPY --from=base /grype /bin/grype
+RUN set -ex && \
+ chmod a+x /bin/grype && \
+ mkdir -p ${GRYPE_DB_CACHE_DIR} && \
+ chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
+ /bin/grype db update -v
 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
 GRYPE_DB_CACHE_DIR="/srv/grype/db" \
 GRYPE_DB_AUTO_UPDATE="false"
-COPY --from=executor /grype /bin/
+COPY --from=base /grype /bin/
 RUN set -ex && \
 chmod a+x /bin/grype && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR}
-COPY --from=executor /root/.cache/grype/db ${GRYPE_DB_CACHE_DIR}
+COPY --from=executor /tmp/db ${GRYPE_DB_CACHE_DIR}
 RUN set -ex && \
 chmod -R 0555 ${GRYPE_DB_CACHE_DIR}
 LABEL org.label-schema.description="A vulnerability scanner for container images and filesystems (standalone)"
-- 
GitLab
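Review bot: The added `chmod -R 0777 ${GRYPE_DB_CACHE_DIR}` in the executor stage makes `/tmp/db` world-writable just before `/bin/grype db update -v` fills it, which should not be needed if the build step runs as the directory's owner (the user of the `common` image is not visible here, so confirm). Dropping that line, or using `chmod 0755 "${GRYPE_DB_CACHE_DIR}"`, keeps the directory that receives the downloaded vulnerability database from being writable by every user during the build; quoting the variable in `mkdir -p "${GRYPE_DB_CACHE_DIR}"` is worth doing at the same time. Separately, with `GRYPE_DB_AUTO_UPDATE="false"` and the database fetched at build time, scan results are only as current as the last image build, so a comment above the `RUN` such as `# DB is baked in at build time; rebuild the image regularly to keep findings current` would help operators. The runtime stage continues past the end of this hunk, so whether it sets a non-root `USER` cannot be judged from here.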