Accurics provides a command-line interface (CLI) that scans your IaC code (Terraform, Kubernetes YAML) on the developer machine, before the code is checked into a source code management system (GitHub, Bitbucket, GitLab). You can run the Accurics CLI from within a container.
To containerize the execution of the Accurics CLI:
- Create an environment in Accurics and download the environment config.
- Use the config file to build a container which can run Accurics CLI.
Here is an example Dockerfile for building the container:
```dockerfile
FROM alpine:latest
RUN apk add --no-cache --update ca-certificates git zip jq wget curl aws-cli

# Download terraform bin and providers
RUN wget https://releases.hashicorp.com/terraform/0.12.20/terraform_0.12.20_linux_amd64.zip && \
    unzip terraform_0.12.20_linux_amd64.zip && mv terraform /bin/

# Download Accurics CLI and change the execution mode.
# Note, accurics CLI can be provided as yum install package as well or
RUN wget --user-agent Gxbef6fgXV4drkqf --referer xZZB84DgjSPD3xvb \
    https://accurics-customer-share.s3-us-west-1.amazonaws.com/cli/accurics \
    && mv accurics /bin/ && chmod +x /bin/accurics
# it can also be added using COPY command from static location
#ADD accurics /bin/
#RUN chmod +x /bin/accurics

WORKDIR /
# Add your repo. CLONE TWO REPOSITORIES ONE IS THE MODULE REPO AND THE OTHER IS THE MAIN.TF
RUN git clone https://gitlab.com/accurics-demo/tf-library.git && git clone https://gitlab.com/accurics-demo/tf-project.git

WORKDIR /tf-project
ADD config /tf-project/
RUN terraform init
CMD accurics
```
- Run the following from the directory that contains the Dockerfile and the config file to build the Docker image:
$ docker build -t accurics-demo .
- Verify the Docker container with the Accurics CLI.
- Run the Accurics CLI plan command. Use the following command:
$ docker run --env AWS_ACCESS_KEY_ID="AKIAU3KROSIMPZIJ2BIX" --env AWS_SECRET_ACCESS_KEY="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" accurics-demo:latest accurics plan -var=demo_s3_bucket_name=test1
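The build and plan steps above as one shell function, added here as an example and not taken from Accurics documentation; the function name `accurics_plan` and its return codes are assumptions. Unlike the command above, it passes the AWS credentials by name with `--env NAME`, so Docker copies them from the calling environment and the values stay out of the argument list and shell history.

```shell
#!/bin/sh
# Added example (not Accurics code): build the image and run `accurics plan`
# with AWS credentials inherited from the caller's exported environment.

# accurics_plan BUILD_DIR BUCKET_NAME   (hypothetical helper name)
#   BUILD_DIR    directory holding the Dockerfile and the downloaded `config`
#   BUCKET_NAME  value for the demo_s3_bucket_name Terraform variable
accurics_plan() {
    build_dir=$1
    bucket=$2
    image=accurics-demo:latest

    # The Dockerfile ADDs `config`; fail early if it was not downloaded.
    for f in Dockerfile config; do
        if [ ! -f "$build_dir/$f" ]; then
            echo "missing $build_dir/$f" >&2
            return 2
        fi
    done

    # Require the credentials to be set, without ever echoing their values.
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be exported" >&2
        return 3
    fi

    docker build -t "$image" "$build_dir" || return 4

    # `--env NAME` with no `=value` copies NAME from the calling environment,
    # so the secret never appears on the docker command line.
    docker run --rm \
        --env AWS_ACCESS_KEY_ID \
        --env AWS_SECRET_ACCESS_KEY \
        "$image" accurics plan "-var=demo_s3_bucket_name=$bucket"
}

# Usage: export the two AWS variables, then: accurics_plan . test1
```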