Skip to content

Latest commit

 

History

History
31 lines (22 loc) · 1.2 KB

README.md

File metadata and controls

31 lines (22 loc) · 1.2 KB

Hansel

OpenSSF Scorecard Badge

Hansel generates empty linux packages. These packages can be installed to track dependencies manually added to a container image.

Usage example

Usage

You can add hansel to an image, and generate + install tracking packages for dependencies in a single step:

FROM node:18-alpine

COPY --from=ghcr.io/shopify/hansel:latest /usr/bin/hansel /usr/bin/hansel
RUN hansel --name node --version "$(node -v | sed -e's/^v//g')" --install

You can use hansel in a multistep build to generate and install separately:

FROM ghcr.io/shopify/hansel:latest AS crumbs
RUN hansel --name rando-thing --version 1.2.3 --debian

FROM debian:bullseye
RUN curl -o /usr/bin/rando-thing https://rando.thing/v1.2.3/unsigned-blob-yolo
COPY --from=crumbs /rando-thing*.deb /tmp/rando-thing.deb
RUN dpkg -i /tmp/rando-thing.deb && \
    rm /tmp/rando-thing.deb

The name is inspired by Hansel and Gretel, as the packages are breadcrumbs left for container scanners to identify.