From 39706d401feb0771c4beabddd3f8895b1ea6cadd Mon Sep 17 00:00:00 2001
From: dheeg <69521775+dheeg@users.noreply.github.com>
Date: Wed, 27 Apr 2022 12:08:51 +0200
Subject: [PATCH] Install Trivy client (#14)
* Install Trivy client
* Upgrade Trivy client
* Install Trivy for inbound-agent
* Install wget
---
 jenkins-inbound-agent/Dockerfile | 23 +++++++++++++++--------
 jenkins-jnlp-slave/Dockerfile | 21 ++++++++++++++-------
 2 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/jenkins-inbound-agent/Dockerfile b/jenkins-inbound-agent/Dockerfile
index 2924737..5cf9bfb 100644
--- a/jenkins-inbound-agent/Dockerfile
+++ b/jenkins-inbound-agent/Dockerfile
@@ -11,12 +11,14 @@ ARG HELM_VERSION=3.8.1
 ARG ANSIBLE_VERSION=2.10.3
 ARG TERRAFORM_DOCS_VERSION=0.10.1
 ARG CONFTEST_VERSION=0.23.0
+ARG TRIVY_VERSION=0.27.1
 RUN apt-get update && apt-get dist-upgrade -y \
 && apt-get install -y \
 git \
 apt-transport-https \
 curl \
+ wget \
 init \
 openssh-server openssh-client \
 software-properties-common \
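Review bot: `wget` is added to the apt package list only so that the new Trivy step can fetch one file, while the terraform-docs and conftest steps of this same Dockerfile already download with `curl -L`. Using curl for Trivy as well keeps a single download tool in the agent image, with `-f` so that an HTTP error still fails the build: `&& curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb" -o "trivy_${TRIVY_VERSION}_Linux-64bit.deb" \`. The `+ wget \` line can then be dropped. The RUN instruction opened in this hunk continues past its end.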
@@ -55,17 +57,22 @@ RUN apt-get update && apt-get dist-upgrade -y \
 #### install terraform-docs
 && curl -L "https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64" -o "terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64" \
- && mv terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64 /usr/local/bin/terraform-docs \
- && chmod a+x /usr/local/bin/terraform-docs \
+ && mv terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64 /usr/local/bin/terraform-docs \
+ && chmod a+x /usr/local/bin/terraform-docs \
 #### install conftest (aka opa)
 && curl -L "https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" -o "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
- && tar xzf "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
- && mv conftest /usr/local/bin \
- && chmod +x /usr/local/bin/conftest \
- && rm "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz"
-
-
+ && tar xzf "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
+ && mv conftest /usr/local/bin \
+ && chmod +x /usr/local/bin/conftest \
+ && rm "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
+
+ #### install trivy
+ && wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb" \
+ && dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb" \
+ && rm "trivy_${TRIVY_VERSION}_Linux-64bit.deb" \
+ && pip3 install --no-cache-dir pyyaml nested-lookup
+
 RUN mkdir -p /etc/tfenv \
 && git clone --depth 1 https://github.com/tfutils/tfenv.git /etc/tfenv \
 && chown -R jenkins /etc/tfenv
diff --git a/jenkins-jnlp-slave/Dockerfile b/jenkins-jnlp-slave/Dockerfile
index 4e9fee2..99a7467 100644
--- a/jenkins-jnlp-slave/Dockerfile
+++ b/jenkins-jnlp-slave/Dockerfile
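Review bot: The Trivy `.deb` goes from `wget` straight into `dpkg -i` with no integrity check, so whatever the release URL serves at build time is installed into the agent image, and the same three lines are added to jenkins-jnlp-slave/Dockerfile. Pin a digest next to the version and verify it before installing: declare `ARG TRIVY_SHA256=<sha256 of the 0.27.1 .deb — placeholder>` beside `ARG TRIVY_VERSION`, and insert `&& echo "${TRIVY_SHA256}  trivy_${TRIVY_VERSION}_Linux-64bit.deb" | sha256sum -c - \` between the `wget` and `dpkg -i` lines. This matters more than usual here because the package is the scanner that build pipelines will rely on for their own findings. The RUN instruction begins before this hunk.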
@@ -11,6 +11,7 @@ ARG HELM_VERSION=3.8.1
 ARG ANSIBLE_VERSION=2.10.3
 ARG TERRAFORM_DOCS_VERSION=0.10.1
 ARG CONFTEST_VERSION=0.23.0
+ARG TRIVY_VERSION=0.27.1
 RUN apt-get update && apt-get dist-upgrade -y \
 && apt-get install -y \
@@ -55,25 +56,31 @@ RUN apt-get update && apt-get dist-upgrade -y \
 #### install terraform-docs
 && wget https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64 \
- && mv terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64 /usr/local/bin/terraform-docs \
- && chmod a+x /usr/local/bin/terraform-docs \
+ && mv terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64 /usr/local/bin/terraform-docs \
+ && chmod a+x /usr/local/bin/terraform-docs \
 #### install conftest (aka opa)
 && wget "https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
- && tar xzf "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
- && mv conftest /usr/local/bin \
- && chmod +x /usr/local/bin/conftest \
- && rm "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz"
+ && tar xzf "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
+ && mv conftest /usr/local/bin \
+ && chmod +x /usr/local/bin/conftest \
+ && rm "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
+
+ #### install trivy
+ && wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb" \
+ && dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb" \
+ && rm "trivy_${TRIVY_VERSION}_Linux-64bit.deb" \
+ && pip3 install --no-cache-dir pyyaml nested-lookup
 RUN mkdir -p /etc/tfenv \
 && git clone --depth 1 https://github.com/tfutils/tfenv.git /etc/tfenv \
 && chown -R jenkins /etc/tfenv
+
 USER jenkins
 #### install terraform with tfenv
 ENV PATH "$PATH:/etc/tfenv/bin"
 RUN tfenv install ${TERRAFORM_1_VERSION} \
 && tfenv install ${TERRAFORM_1_1_VERSION} \
 && tfenv use ${TERRAFORM_1_VERSION}
-
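Review bot: `pip3 install --no-cache-dir pyyaml nested-lookup` in the second hunk takes whatever versions the package index serves at build time, so two builds of the same commit can produce different agents and an unwanted upstream release would land unnoticed; the identical line is added to jenkins-inbound-agent/Dockerfile. Pin both packages, e.g. `&& pip3 install --no-cache-dir "pyyaml==<pinned version>" "nested-lookup==<pinned version>"`, or install from a requirements file with `--require-hashes`. The line also sits under the `#### install trivy` comment although, as far as the hunk shows, it is unrelated to Trivy, so a comment of its own such as `#### python helpers for <purpose>` would tell the next maintainer why it is there. The RUN instruction begins before this hunk.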