diff --git a/cybersecurity/cicd/squealer.Dockerfile b/cybersecurity/cicd/squealer.Dockerfile
new file mode 100644
index 0000000..c29f378
--- /dev/null
+++ b/cybersecurity/cicd/squealer.Dockerfile
@@ -0,0 +1,21 @@
+# Git clone stage
+FROM alpine:latest AS source
+RUN apk add --no-cache git
+WORKDIR /src
+RUN git clone https://github.com/owenrumney/squealer.git . && \
+ ls -la # Debug: verify files
+
+# Build stage
+FROM golang:1.21-alpine AS builder
+WORKDIR /build
+COPY --from=source /src/ ./
+RUN ls -la && \
+ go mod vendor && \
+ go build -mod=vendor -ldflags="-w -s" -o squealer ./cmd/squealer
+
+# Final stage
+FROM gcr.io/distroless/static-debian12:nonroot
+WORKDIR /app
+COPY --from=builder /build/squealer /app/
+USER nonroot:nonroot
+ENTRYPOINT ["/app/squealer"]
\ No newline at end of file
diff --git a/cybersecurity/cicd/squealer.yml b/cybersecurity/cicd/squealer.yml
new file mode 100644
index 0000000..61247ea
--- /dev/null
+++ b/cybersecurity/cicd/squealer.yml
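Review bot: The `source` stage of squealer.Dockerfile clones whatever the upstream default branch holds at build time and starts from `alpine:latest`, so the scanner binary shipped in the image is neither reproducible nor tied to a reviewed upstream revision. Pin the clone to a release tag or commit, e.g. `RUN git clone --depth 1 --branch <RELEASE_TAG> https://github.com/owenrumney/squealer.git .`, and pin the base as `FROM alpine:<PINNED_VERSION> AS source`, ideally by digest as well as for the golang and distroless images. The two `ls -la` debug calls add nothing to the image and can be dropped before merge.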
@@ -0,0 +1,37 @@
+description: Squealer is a tool that finds secrets like keys, tokens and passwords in your code. It scans remote Git repositories for potential credential leaks.
+
+categories:
+ - cybersecurity
+ - cicd
+
+functions:
+ squealer_scan_git_repo:
+ description: Scan a remote git repository for secrets and credentials
+ parameters:
+ repository:
+ type: string
+ description: Git repository URL (SSH format)
+ examples:
+ - "git@github.com:username/repo.git"
+ - "git@github.com:owenrumney/woopsie.git"
+ container:
+ force: true
+ image: squealer:latest
+ cmdline:
+ - ${repository}
+
+ squealer_scan_everything_git_repo:
+ description: Scan a remote git repository and history for secrets and credentials with everything flag
+ parameters:
+ repository:
+ type: string
+ description: Git repository URL (SSH format)
+ examples:
+ - "git@github.com:username/repo.git"
+ - "git@github.com:owenrumney/woopsie.git"
+ container:
+ force: true
+ image: squealer:latest
+ cmdline:
+ - ${repository}
+ - --everything
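Review bot: Both functions in squealer.yml pass `${repository}` to the container as the first argument with no validation, so a value beginning with `-` would likely be parsed by squealer as an option rather than a repository URL. Constrain the parameter to the documented SSH URL form before it reaches `cmdline`, using whatever validation this tool schema offers, and state the constraint in the parameter text, e.g. `description: Git repository URL (SSH format); must not start with "-"`. `image: squealer:latest` is also a mutable tag, so a run can silently pick up a different build of the scanner; reference a fixed tag or digest such as `image: squealer:<PINNED_TAG>`. The SSH-format examples presumably need key material and known-hosts data that the distroless image in this commit does not provide, so it is worth confirming how credentials reach the container.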