# Name of the runtime base stage the final image is built FROM: "fat" (the
# default) or "slim". It is declared before the first FROM so that it can be
# referenced in a FROM line.
# NOTE(review): a value that matches no stage name is resolved as an image
# reference, so build pipelines should only ever pass "fat" or "slim" here.
ARG BASE=fat

# Toolchain stage: Go 1.16 on Alpine plus git, the C/LLVM toolchain, kernel
# headers and the static libelf/zlib packages listed below.
# NOTE(review): the base tag is not digest-pinned and the packages carry no
# version constraints, so the toolchain can differ between two builds of the
# same commit.
FROM golang:1.16-alpine AS builder
RUN apk --no-cache update \
 && apk --no-cache add \
      clang \
      coreutils \
      elfutils-dev \
      gcc \
      git \
      libc6-compat \
      libelf-static \
      linux-headers \
      llvm \
      make \
      musl-dev \
      zlib-static
WORKDIR /tracee
# Compile stage: starts from the toolchain stage, so WORKDIR is already /tracee.
FROM builder AS build
# VERSION is a build argument; inside this stage it is visible to the RUN step
# below as an environment variable.
ARG VERSION
# The whole build context is copied in. Whatever .dockerignore does not exclude
# (local credentials, .git, editor files) ends up in this stage's layers and
# build cache.
# NOTE(review): no .dockerignore is visible here; confirm that one exists.
COPY . /tracee/
# Default make target; the final stage copies its artifacts from /tracee/dist.
RUN make
# "fat" runtime base: carries every tool needed to build the bpf object at
# runtime, plus tini, which the final stage's ENTRYPOINT runs as /sbin/tini.
# NOTE(review): the untagged base resolves to alpine:latest at build time; pin
# a tag or digest so the runtime image is reproducible and auditable.
# NOTE(review): shipping a compiler toolchain in a runtime image widens what is
# available to anyone who gains execution inside the container; prefer the
# "slim" base wherever the bpf object can be supplied prebuilt.
FROM alpine AS fat
RUN apk --no-cache update \
 && apk --no-cache add \
      clang \
      coreutils \
      elfutils-dev \
      gcc \
      libc6-compat \
      libelf-static \
      linux-headers \
      llvm \
      make \
      musl-dev \
      tini \
      zlib-static
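# "slim" runtime base: minimal dependencies only; the bpf object is expected to
# be provided at runtime instead of being compiled inside the container.
# tini is installed here as well because the final stage's ENTRYPOINT executes
# /sbin/tini whichever base is selected; without it, an image built with
# BASE=slim has no entrypoint binary and cannot start.
# NOTE(review): the untagged base resolves to alpine:latest at build time; pin
# a tag or digest so the runtime image is reproducible and auditable.
FROM alpine AS slim
RUN apk --no-cache update \
 && apk --no-cache add \
      elfutils-dev \
      libc6-compat \
      tini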
# Final image: built on the runtime base stage selected by the global BASE
# argument.
FROM $BASE

# Build metadata; in this stage these arguments are used only by the LABEL
# instruction below.
ARG VERSION
ARG BUILD_DATE
ARG VCS_BRANCH
ARG VCS_REF

WORKDIR /tracee

# Only the built binaries, the entrypoint script, the rules directory and two
# output templates are taken from the build stage; sources and toolchain stay
# behind.
COPY --from=build \
     /tracee/dist/tracee-ebpf \
     /tracee/dist/tracee-rules \
     /tracee/entrypoint.sh \
     /tracee/
COPY --from=build /tracee/dist/rules /tracee/rules
COPY --from=build \
     /tracee/tracee-rules/templates/falcosidekick.tmpl \
     /tracee/tracee-rules/templates/rawjson.tmpl \
     /tracee/templates/

LABEL org.label-schema.build-date="${BUILD_DATE}" \
      org.label-schema.description="Linux Runtime Security and Forensics using eBPF" \
      org.label-schema.name="tracee" \
      org.label-schema.schema-version="1.0" \
      org.label-schema.vcs-branch="${VCS_BRANCH}" \
      org.label-schema.vcs-ref="${VCS_REF}" \
      org.label-schema.vcs-url="https://github.com/aquasecurity/tracee" \
      org.label-schema.vendor="Aqua Security" \
      org.label-schema.version="${VERSION}"

# tini runs as PID 1 and, with -g, forwards signals to the child's process
# group. The script path is relative, so it depends on the WORKDIR set above.
# NOTE(review): no USER is set, so the container runs as root. That is
# presumably needed to load eBPF programs (confirm); if so, restrict the
# container at run time by granting only the capabilities and mounts it needs.
ENTRYPOINT ["/sbin/tini", "-g", "--", "./entrypoint.sh"]