{"id":46412311,"url":"https://github.com/tooark/base-images","last_synced_at":"2026-07-05T01:00:56.670Z","repository":{"id":323425091,"uuid":"1093189776","full_name":"Tooark/base-images","owner":"Tooark","description":"Imagens base de ferramentas para Deploy com aws-cli, gcloud, terraform e trivy","archived":false,"fork":false,"pushed_at":"2026-07-02T20:03:49.000Z","size":329,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-07-02T20:25:28.916Z","etag":null,"topics":["aws-cli","deploy","devops","devsecops","docker","gcloud","hadolint","sonarqube","terraform","tooark","trivy"],"latest_commit_sha":null,"homepage":"https://tooark.com/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tooark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-scanner/.dockerignore","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-10T03:10:17.000Z","updated_at":"2026-07-02T20:03:54.000Z","dependencies_parsed_at":"2026-05-23T08:00:46.362Z","dependency_job_id":null,"html_url":"https://github.com/Tooark/base-images","commit_stats":null,"previous_names":["tooark/base-images"],"tags_count":52,"template":false,"template_full_name":null,"purl":"pkg:github/Tooark/base-images","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tooark%2Fbase-images","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tooark%2Fbase-images/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tooark%2Fbase-images/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tooark%2Fbase-images/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tooark","download_url":"https://codeload.github.com/Tooark/base-images/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tooark%2Fbase-images/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35140189,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-04T02:00:05.987Z","response_time":113,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-cli","deploy","devops","devsecops","docker","gcloud","hadolint","sonarqube","terraform","tooark","trivy"],"created_at":"2026-03-05T13:31:16.485Z","updated_at":"2026-07-05T01:00:56.629Z","avatar_url":"https://github.com/Tooark.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# base-images\n\nRepository of base images for CI/CD and infrastructure automation.\n\nEach subproject has its own Dockerfile, versioning, and documentation.\n\n🌍 **Languages:** ![USA Flag](https://flagcdn.com/w20/us.png) **English (this file)** · [![Brazil Flag](https://flagcdn.com/w20/br.png) Português](https://github.com/Tooark/base-images/blob/main/README.pt-BR.md)\n\n---\n\n## Table of contents\n\n- [Overview](#overview)\n- [Image documentation](#image-documentation)\n- [Ready-made examples](#ready-made-examples)\n- [Repository structure](#repository-structure)\n- [Versioning and automation](#versioning-and-automation)\n- [Recommended workflow](#recommended-workflow)\n- [License](#license)\n\n---\n\n## Overview\n\nThis repository centralizes Docker images used in pipelines and infrastructure automation.\n\nEach image keeps:\n\n- a Dockerfile with a reproducible build\n- a VERSION file for release control\n- a DESCRIPTION with a functional summary\n- a README with the image contents, quick start, pipeline examples, and local build\n\nAll images share the same base (`debian:13-slim`), run as the non-root user (`app`), and use the same `docker-entrypoint.sh`, which adjusts the `docker.sock` GID and drops privileges via `gosu` at runtime.\n\n---\n\n## Image documentation\n\n| Subproject             | What it contains                                                            | Documentation                                                    |\n| ---------------------- | --------------------------------------------------------------------------- | ---------------------------------------------------------------- |\n| `aws-cli`              | AWS CLI v2 + kubectl + Docker CLI + Buildx                                  | [aws-cli/README.md](aws-cli/README.md)                           |\n| `dockerx`              | Docker CLI + Buildx plugin for multi-architecture builds                    | [dockerx/README.md](dockerx/README.md)                           |\n| `gcloud-cli`           | Google Cloud SDK (`gcloud`, `gsutil`, `bq`) + kubectl + Docker CLI + Buildx | [gcloud-cli/README.md](gcloud-cli/README.md)                     |\n| `tofu`                 | OpenTofu CLI                                                                | [tofu/README.md](tofu/README.md)                                 |\n| `tofu-aws`             | OpenTofu + AWS CLI v2 + kubectl                                             | [tofu-aws/README.md](tofu-aws/README.md)                         |\n| `tofu-gcloud`          | OpenTofu + Google Cloud SDK + kubectl                                       | [tofu-gcloud/README.md](tofu-gcloud/README.md)                   |\n| `tofu-aws-gcloud`      | OpenTofu + AWS CLI v2 + Google Cloud SDK + kubectl                          | [tofu-aws-gcloud/README.md](tofu-aws-gcloud/README.md)           |\n| `security-scanner`     | Trivy + Hadolint + BetterLeaks + `ark-tools` wrapper for scans and reports  | [security-scanner/README.md](security-scanner/README.md)         |\n| `sonar-scanner`        | Sonar Scanner CLI for analysis in CI/CD pipelines                           | [sonar-scanner/README.md](sonar-scanner/README.md)               |\n| `terraform`            | Terraform CLI (deprecated)                                                  | [terraform/README.md](terraform/README.md)                       |\n| `terraform-aws`        | Terraform + AWS CLI v2 + kubectl (deprecated)                               | [terraform-aws/README.md](terraform-aws/README.md)               |\n| `terraform-gcloud`     | Terraform + Google Cloud SDK + kubectl (deprecated)                         | [terraform-gcloud/README.md](terraform-gcloud/README.md)         |\n| `terraform-aws-gcloud` | Terraform + AWS CLI v2 + Google Cloud SDK + kubectl (deprecated)            | [terraform-aws-gcloud/README.md](terraform-aws-gcloud/README.md) |\n| `trivy-hadolint`       | Trivy + Hadolint + `ark-tools` wrapper for scans and reports                | [trivy-hadolint/README.md](trivy-hadolint/README.md)             |\n\n---\n\n## Ready-made examples\n\nUse these files as a starting point for local validation and pipelines:\n\n- Guide with local examples and usage instructions: [samples/README.md](samples/README.md)\n- Build/publish pipeline for GitHub Actions: [samples/github-actions-images.yml](samples/github-actions-images.yml)\n- Build/publish pipeline for GitLab CI: [samples/gitlab-ci-images.yml](samples/gitlab-ci-images.yml)\n\nDedicated examples for security-scanner:\n\n- Full local run: [samples/security-scanner-local.sh](samples/security-scanner-local.sh)\n- Full GitHub Actions pipeline: [samples/security-scanner-github-actions.yml](samples/security-scanner-github-actions.yml)\n- Full GitLab CI pipeline: [samples/security-scanner-gitlab-ci.yml](samples/security-scanner-gitlab-ci.yml)\n\n---\n\n## Repository structure\n\n- Each subproject folder contains:\n  - `Dockerfile`: image definition\n  - `VERSION`: subproject version\n  - `DESCRIPTION`: short image summary\n  - `README.md`: usage, variables, and examples\n  - `.trivyignore`: accepted CVE exceptions for the image security scan\n\n---\n\n## Versioning and automation\n\nThe [versions.env](versions.env) file centralizes the versions of all tools and images.\n\nThe `script/` folder contains the automation scripts:\n\n| Script                            | Purpose                                                     |\n| --------------------------------- | ----------------------------------------------------------- |\n| `fetch-latest-stable-versions.py` | Fetches the latest stable versions of each tool             |\n| `update-versions.py`              | Updates `versions.env` and manages the `.trivyignore` files |\n\n### Automatic .trivyignore management\n\nWhen the `update-versions.py` script detects a new tool version, it:\n\n1. **Clears and reinitializes** the `.trivyignore` of **all images impacted** by the changed version.\n2. **Does not rebuild or automatically inherit** exceptions across images.\n3. Recreates the file with a standard header and an automatic review date, so the maintainer can manually add only the CVEs accepted for that version.\n\n\u003e Example: if `GCLOUD_VERSION` changes, the script clears and recreates the `.trivyignore` of `gcloud-cli/`, `tofu-gcloud/`, `terraform-gcloud/`, and `terraform-aws-gcloud/`. None of these files receive CVEs automatically.\n\n---\n\n## Recommended workflow\n\n1. Choose the image from the catalog in [Image documentation](#image-documentation).\n2. Follow the quick start and the variables in the chosen image's README.\n3. Use the examples in [samples/README.md](samples/README.md) and the dedicated security-scanner files for initial integration.\n4. For releases and version updates, use the scripts in the [script/](script/fetch-latest-stable-versions.py) folder.\n\n---\n\n## License\n\nMIT - see the [LICENSE](LICENSE) file at the repository root.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftooark%2Fbase-images","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftooark%2Fbase-images","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftooark%2Fbase-images/lists"}