'CI tools for static checking of environment variables definition

For some security reasons, all of our projects are not allowed to define the environment variables in Dockerfile ,entrypoint.sh (for starting the application). Currently, we have to review each merge request manually to ensure this rule, I wonder if there is some ci tool to automate this work to make life easier, thanks!

jenkinscontinuous-integrationsonarqubegitlab-ci


Solution 1:[1]

GitLab comes with container scanning by default, but I don't believe it's possible to achieve this level of granularity. This might be possible in a pipeline using Trivy for scanning in conjunction with custom Trivy policies to detect misconfigurations in Dockerfiles. It will take some trial and error to detect and write custom policies, but I believe it can be done.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 dcoy

Related Questions

Jenkins Content Security Policy

setUp method: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows:

SonarQube 3.7 with maven and Jenkins - Maven session does not declare a top level project

How can I pass variables to post-build actions in Jenkins?

How to add a timeout step to Jenkins Pipeline

Jenkins not building docker image, can't find the docker command

compare 2 variables in jelly script

Jenkins Ambiguous Permission

Error - Jenkins detected running multiple instances

How to get child job logs in parent job on child job failure?

create jenkins ssh username with private key credential via rest xml api

How to stop build from executing from the pipeline script?

How to prevent Jenkins SCM polling from triggering a build on branch creation

jenkins builds filtering based on build description

Jenkins shell script returned exit code 1 when the searched string isn't exsist