Merge branch 'bump-busybox' into 'development'

bump busybox See merge request !14

Merge branch 'bump-busybox' into 'development'
bump busybox See merge request !14
60cd53e6 · sean.melissari · bdd548b0 · 9fdea982 · 60cd53e6 · 60cd53e6
Commit 60cd53e6 authored Apr 08, 2021 by sean.melissari
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 8 deletions

Dockerfile Dockerfile +5 -2

hardening_manifest.yaml hardening_manifest.yaml +8 -6

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,9 @@ ARG BASE_IMAGE=ironbank/google/distroless/static
 ARG BASE_TAG=nonroot
 FROM gcr.io/kaniko-project/executor:v1.5.1-debug as upstream
+FROM busybox:1.32.1 as busybox
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 ENV PATH /kaniko:/busybox
@@ -14,7 +17,7 @@ ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_co
 USER 0
 # Copy out all binary files
-COPY --from=upstream /busybox /busybox
+COPY --from=busybox /bin /busybox
 RUN ["mkdir", "-p", "/kaniko", "/kaniko/.docker", "/workspace", "/kaniko/ssl/certs"]
 RUN ["cp", "/etc/ssl/certs/ca-certificates.crt", "/kaniko/ssl/certs/ca-certificates.crt"]
 COPY --from=upstream /kaniko/docker-credential-acr /kaniko/docker-credential-acr
@@ -29,4 +32,4 @@ WORKDIR /workspace
 HEALTHCHECK NONE
 ENTRYPOINT ["executor"]
\ No newline at end of file
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -19,7 +19,7 @@ labels:
  ## Human-readable description of the software packaged in the image
  org.opencontainers.image.description: "kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster"
  ## License(s) under which contained software is distributed
-  org.opencontainers.image.licenses: "Apache License 2.0"
+  org.opencontainers.image.licenses: "Apache-2.0"
  ## URL to find more information on the image
  org.opencontainers.image.url: "https://github.com/GoogleContainerTools/kaniko"
  ## Name of the distributing entity, organization or individual
@@ -29,18 +29,20 @@ labels:
  mil.dso.ironbank.image.keywords: "docker,google,rootless,cicd"
  ## This value can be "opensource" or "commercial"
  mil.dso.ironbank.image.type: "opensource"
-  # ## Product the image belongs to for grouping multiple images
+  ## Product the image belongs to for grouping multiple images
  mil.dso.ironbank.product.name: "kaniko"
 resources:
 - tag: gcr.io/kaniko-project/executor:v1.5.1-debug
  url: docker://gcr.io/kaniko-project/executor@sha256:e00dfdd4a44097867c8ef671e5a7f3e31d94bd09406dbdfba8a13a63fc6b8060
+- tag: busybox:1.32.1
+  url: docker://docker.io/library/busybox@sha256:1ccc0a0ca577e5fb5a0bdf2150a1a9f842f47c8865e861fa0062c5d343eb8cac
 maintainers:
 - email: "joshua.t.carnes@lmco.com"
-#   # The name of the current container owner
  name: "Joshua Carnes"
-#   # The gitlab username of the current container owner
  username: "jcarnes"
+- name: "Sean Melissari"
+  username: "sean.melissari"
+  email: "melissari_sean@bah.com"
+  cht_member: true