author | 2020-12-17 17:13:45 +0100
committer | 2021-01-04 07:29:18 +0000
commit | 846dd7f1f83214a4bd8bbf81ede5ac8bc12d81fd (patch)
tree | 0916281119b678f50718019c0d9f42065eee7462 /test/legal/docker_license_analysis/README.rst
parent | dd9bf99fe8c5bd124b2a578399dcd8c77496c1f8 (diff)
Add license analysis vagrantfile
Usage in README.rst
This Vagrantfile is intended for single image analysis.
Issue-ID: INT-1735
Signed-off-by: Alexander Mazuruk <a.mazuruk@samsung.com>
Change-Id: Ief45804d216a9a50777491c2cf7a8088133e5a3b
Diffstat (limited to 'test/legal/docker_license_analysis/README.rst')
-rw-r--r-- | test/legal/docker_license_analysis/README.rst | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/test/legal/docker_license_analysis/README.rst b/test/legal/docker_license_analysis/README.rst new file mode 100644 index 000000000..71a4a3394 --- /dev/null +++ b/test/legal/docker_license_analysis/README.rst 
@@ -0,0 +1,80 @@ +##################################### +License Analysis of Docker Containers +##################################### + +Vagrantfile that includes tern + scancode for performing dynamic license analysis +of docker containers. It takes either a Dockerfile or image name to analyse. + + +********* +Reasoning +********* + +While there are tools supporting ONAP development that perform license analysis +and produce SBoM, they do it via static static analysis. When base image +introduces licensing issue we will have no way to know from those tools. +Additionally, the tools performing those static analysis require special access +rights which only few people have. This Vagrant box is meant to be run as close +to Docker build as possible to give feedback directly to developers. + +It has been placed in a VM due to following reasons: + +- reproducibility +- tern requires: + + * access to /dev/fuse + * access to docker.sock + +Due to the above requirements, running in Docker would require: + + * running container in --privileged mode + * passing host's /dev/fuse to the container + * passing host's docker.sock to the container + +Running it in VM creates new instances of both which should alleviate security +issues that could be present when running on host/docker + + +*************** +Getting started +*************** + +Prerequisites +============= + +`Vagrant <https://www.vagrantup.com/downloads>`_ + + +Running +======= + +Dockerfile analysis +------------------- + +Substitute the DOCKER_FILE_ANALYSE value with location of the Dockerfile +you want to analyse:: + + DOCKER_FILE_ANALYSE="/path/to/Dockerfile" vagrant up + +Please mind that the Docker on the VM needs to be able to download the base +image for analysis to take place. 
+ +Docker image analysis +--------------------- + + +Substitute the DOCKER_IMAGE_ANALYSE value with your image of choice:: + + DOCKER_IMAGE_ANALYSE="debian:buster" vagrant up + +Please mind that the Docker on the VM needs to be able to download the image +for analysis to take place. + +Gathering results +================= + +:: + + vagrant ssh-config > ssh-config + scp -F ssh-config default:~/ternvenv/report-scancode.json report-scancode.json + |
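Review bot: the Reasoning section has two documentation problems worth fixing in this hunk. "they do it via static static analysis" duplicates the word, and the sentence "Running it in VM creates new instances of both which should alleviate security issues that could be present when running on host/docker" ends without a period and does not say which issues it means; it would read better as "Running it in a VM creates fresh instances of both, which avoids the --privileged mode, /dev/fuse and docker.sock passthrough listed above." Also, the three `*` items under "Due to the above requirements, running in Docker would require:" are indented below a paragraph rather than a parent `-` bullet, so reStructuredText will render them as a block quote containing a list; either dedent them or attach them to a list item as was done for "tern requires:". Finally, the README only reveals where the output lands (`~/ternvenv/report-scancode.json`) inside the scp line of "Gathering results"; one sentence in the Running section naming that path would spare readers a guess.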