I'm kinda stuck exploring Docker features in order to create simple container with some Go utilities installed. I need to create image that has gosec and govulncheck utilities installed so I can run them on code in container. My petty attempt produced the following:

# syntax=docker/dockerfile:1
FROM golang:1.19-alpine

WORKDIR /app
ENV GO111MODULE=on

# copying my code to check
COPY go.mod ./
COPY go.sum ./
RUN go mod download
COPY *.go ./

RUN go build -o /docker-gs-ping

RUN apk add --no-cache git
RUN go install github.com/securego/gosec/v2/cmd/gosec@latest
RUN go install golang.org/x/vuln/cmd/govulncheck@latest

EXPOSE 8080

CMD [ "gosec ./..." ]

Running the container results in error:

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "gosec ./...": stat gosec ./...: no such file or directory: unknown.
ERRO[0000] error waiting for container: context canceled 

It looks like I need to specify paths to installed utilities, but I couldn't make it work

CodePudding user response：

This isn't a path issue; the problem is the syntax you've used in the CMD statement in your Dockerfile. You're using the JSON-format of the CMD statement; the first argument in the JSON list is the name of the command to run. You've asked Docker to run a command named gosec ./..., which of course doesn't exist.

You need to split that into multiple list items:

CMD [ "gosec", "./..." ]

Alternatively, you can use the shell form of the CMD directive:

CMD  gosec ./...

Either of those will run gosec when you start the container.