Non-Meterian Docker image configuration
In this configuration, a minimal base Docker image is used for the whole build, so the user must ensure that the supporting tooling is installed before the scan runs.
The example below is meant for a available on GitLab. Additional special tooling is not required as the reads directly the manifest files of the project (manifest.json and packages-lock.json) to produce the bill of materials and detect any vulnerable or out of date component.
Note that we are using the OpenJDK mini image, which we need in order to run a Java program. We then simply download the Meterian Java thin client and run it with Java at the root of the project. Note that we collect the project branch and the project commits from the GitLab pipeline variables (see the ).
Note also that, in the case of Unity, we have to explicitly enable the Unity scanner engine (--scan-unity=true) and, at the same time, disable the NodeJS scanner (--scan-nodejs=false).
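A `.gitlab-ci.yml` job following the steps described above, as an added example that is not Meterian's published pipeline. Assumptions: the image tag, the download URL and digest placeholders, the `--project-branch` and `--project-commit` flag names, and the API token being supplied as a masked CI/CD variable named `METERIAN_API_TOKEN`; only `--scan-unity=true` and `--scan-nodejs=false` come from this page.

```yaml
# Added example; values marked as assumptions or placeholders are not from the page.
meterian_scan:
  stage: test
  # Assumption: any minimal image with a Java runtime works; this tag is illustrative.
  image: openjdk:17-slim
  variables:
    # Placeholder: set to the thin client download URL given in the Meterian documentation.
    METERIAN_CLI_URL: "https://example.invalid/meterian-cli.jar"
    # Placeholder: SHA-256 of the client jar version you have reviewed.
    METERIAN_CLI_SHA256: "<sha256-of-reviewed-jar>"
    # Assumption: METERIAN_API_TOKEN is defined as a masked, protected CI/CD
    # variable in the project settings and never committed to this file.
  before_script:
    # The minimal image ships without a download tool, so install the
    # supporting tooling before the scan.
    - apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
  script:
    - curl --fail --silent --show-error --location --output meterian-cli.jar "$METERIAN_CLI_URL"
    # Refuse to run a jar that does not match the pinned digest.
    - echo "$METERIAN_CLI_SHA256  meterian-cli.jar" | sha256sum --check -
    # Run at the project root. Branch and commit come from GitLab's predefined
    # pipeline variables; the two --project-* flag names are assumptions.
    - >
      java -jar meterian-cli.jar
      --project-branch="$CI_COMMIT_REF_NAME"
      --project-commit="$CI_COMMIT_SHA"
      --scan-unity=true
      --scan-nodejs=false
```

Pinning the digest means the job fails closed when the downloaded jar changes, so the placeholder has to be updated deliberately each time a new client version is adopted.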