Merge pull request #315 from replicatedcom/divolgin/cve

divolgin · web-flow · commit 999ffd97707a · 2023-09-12T12:51:19.000-07:00
Make and readme updates with info used to make this release
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -30,15 +30,10 @@ jobs:
     steps:
       - checkout
       - setup_remote_docker
-      - run:
-          name: Build image
-          command: |
-            docker build --pull -t replicated/support-bundle:base -f deploy/Dockerfile-base deploy/
       - run:
           name: Run local image vulnerability scan
           command: |
-            curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
-            ./grype --fail-on=medium --only-fixed --config=.circleci/.anchore/grype.yaml -vv replicated/support-bundle:base
+            make scan-base
 
   e2e:
     # Use machine for volume binding support in Docker
diff --git a/.gitignore b/.gitignore
@@ -22,3 +22,4 @@
 *.out
 
 .DS_Store
+grype
diff --git a/Makefile b/Makefile
@@ -221,3 +221,12 @@ support-bundle-generate: goreleaser
 	@mkdir -p .state
 	docker build --pull -t replicated/support-bundle:base -f deploy/Dockerfile-base deploy/
 	@touch .state/base
+
+grype:
+	curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
+
+build-base:
+	docker build --pull -t replicated/support-bundle:base -f deploy/Dockerfile-base deploy/
+
+scan-base: build-base grype
+	./grype --fail-on=medium --only-fixed --config=.circleci/.anchore/grype.yaml -vv replicated/support-bundle:base
diff --git a/README.md b/README.md
@@ -18,6 +18,12 @@ make test
 make e2e-supportbundle-core e2e-supportbundle-docker
 ```
 
+## Scanning image prior to release
+
+```
+make scan-base
+```
+
 ## Releases
 
 Releases are created on CircleCI when a tag is pushed.

Original file line number	Diff line number	Diff line change
`@@ -22,3 +22,4 @@`
`22`	`22`	`*.out`
`23`	`23`
`24`	`24`	`.DS_Store`
	`25`	`+grype`