osv-scanner
Source
FROM stagex/pallet-cgo AS build
ARG VERSION
ADD fetch/osv-scanner-${VERSION}.tar.gz .
ENV GOPROXY=https://proxy.golang.org,direct
ENV GOSUMDB=sum.golang.org
ENV GOPATH=/cache/go
ENV GOBIN=${GOPATH}/bin
ENV PATH=${GOBIN}:${PATH}
WORKDIR /osv-scanner-${VERSION}
RUN go mod download
RUN --network=none <<-EOF
# HACK: reduce strictness because of some buried error we have not tracked down yet
set +eux
mkdir out
go \
build \
-o out \
-v \
--ldflags="-w -s -buildid= " \
./cmd/...
mkdir -p /rootfs
install -Dm755 out/osv-scanner -t /rootfs/usr/bin/
install -Dm755 out/osv-reporter -t /rootfs/usr/bin/
EOF
FROM stagex/core-filesystem AS package
COPY --from=build /rootfs/ /Copied to clipboard!