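# Dockerfile for ClawHub Security Scanner
# Container image used to run skill scans away from the host.
#
# NOTE(review): this file only provides a separate filesystem and a non-root
# runtime user. How isolated a scan actually is depends on how the container
# is started (network access, mounts, capabilities, resource limits), none of
# which is set here. Confirm the run configuration before relying on this
# image to process untrusted skills.

# NOTE(review): node:20-slim is a floating tag, so a rebuild can pick up a
# different base image. Pin by digest (node:20-slim@sha256:<digest>) where
# reproducible builds are required.
FROM node:20-slim

# OS packages: the Python interpreter and pip for requirements.txt, plus git
# and curl (what uses them is not visible in this file). The apt lists are
# removed in the same layer so they never reach the image.
# NOTE(review): recommended packages are installed as well. Adding
# --no-install-recommends would shrink the image and its attack surface, but
# first verify that requirements.txt builds without the tooling python3-pip
# may pull in and that CA certificates remain available to curl and git.
RUN apt-get update && apt-get install -y \
        curl \
        git \
        python3 \
        python3-pip \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged account the scanner runs as. It owns /scan (the working
# directory for scans) and /app (the application directory).
RUN useradd -m -s /bin/bash scanner && \
    mkdir -p /scan /app && \
    chown -R scanner:scanner /scan /app

WORKDIR /app

# Only the manifests and scripts/ are copied before installing, so the
# dependency layers stay cached until one of them changes. scripts/ has to be
# present because the package's postinstall step needs it.
COPY package*.json ./
COPY requirements.txt ./
COPY scripts ./scripts

# Version of the globally installed clawhub CLI. The default "latest" resolves
# the same package as a bare `npm install -g clawhub`; pass
# --build-arg CLAWHUB_VERSION=<version> to pin a reviewed release.
ARG CLAWHUB_VERSION=latest

# Node.js dependencies. Both installs run as root and execute npm lifecycle
# scripts (including the postinstall mentioned above), so the build trusts
# every package it resolves.
# NOTE(review): `npm install` may resolve different versions from one build to
# the next. If a package-lock.json is committed, `npm ci` would make this step
# reproducible. Confirm a lockfile exists before switching.
RUN npm install && \
    npm install -g "clawhub@${CLAWHUB_VERSION}"

# Python dependencies are installed into the system interpreter:
# --break-system-packages overrides pip's externally-managed-environment guard
# and --no-cache-dir keeps pip's download cache out of the layer.
# NOTE(review): requirements.txt is not visible here; pin exact versions
# (ideally with hashes) so this step installs the same code on every build.
RUN pip3 install --no-cache-dir --break-system-packages -r requirements.txt

# Application code, owned by the runtime user.
# NOTE(review): this copies the whole build context. Make sure a .dockerignore
# excludes .git, a local node_modules, .env files and any other credentials.
# Because /app is owned by scanner, the scanning process can also rewrite its
# own code at run time; if the application never writes under /app, leaving it
# root-owned would be the tighter choice.
COPY --chown=scanner:scanner . .

# Everything from here on, including the running container, is non-root.
USER scanner

# Scans run from /scan, which the scanner user owns.
WORKDIR /scan

# Runtime environment. NODE_ENV is set only here, after `npm install`, so the
# dependency install above ran without it. SCANNER_PREWARM is read by the
# application (its meaning is not shown in this file).
ENV SCANNER_PREWARM=0 \
    NODE_ENV=production

# Exec form: node is started directly, without a wrapping shell.
CMD ["node", "/app/index.js", "scan-clawhub"]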