oak9 CLI Inside Docker

Creating Your Own Image

If you would like to create your own image, you can use the following steps and Dockerfile as a template.
1) Log into oak9
2) Set up a CLI Integration with your selected project
3) Take note of the API Key & Project ID
4) Download the oak9CLI Linux binary and unzip it into the directory where you will create your Dockerfile
5) Create a conf.json file that contains the below and save it in the same directory as your Dockerfile
{
  "baseurl": "https://api.oak9.cloud/cli/",
  "consoleurl": "oak9",
  "version": "0.9.10",
  "websocketbaseurl": "wss://ws-api.oak9.cloud"
}
6) Create your Dockerfile with the below template
FROM ubuntu:latest
RUN mkdir -p /root/oak9cli
# CA certificates are needed for TLS connections to the oak9 API
RUN apt-get update && apt-get install -y ca-certificates
COPY ./oak9 /root/oak9cli/
COPY conf.json /root/oak9cli/
ENV PATH=/root/oak9cli/:$PATH
# Left empty in the image; supply the real values at run time
ENV OAK9_API_KEY=""
ENV OAK9_PROJECT_ID=""
ENV OAK9_CONF_PATH="/root/oak9cli/conf.json"
ENV OAK9_DIR="/root/oak9cli/tf/"
ENTRYPOINT ["/root/oak9cli/oak9"]
CMD ["--help"]
WORKDIR /root/oak9cli
# Mount point for the Terraform files to scan
VOLUME ["/root/oak9cli/tf"]
7) Build, tag and push the image
docker build -t oak9cli -f Dockerfile . --network=host
docker tag oak9cli <YOUR_CONTAINER_REGISTRY>/oak9cli
docker push <YOUR_CONTAINER_REGISTRY>/oak9cli

How to Execute the Docker Image

docker run -it --rm -v "$TERRAFORM_FILES_PATH:$OAK9_DIR:ro" oak9cli scan --directory "$OAK9_DIR" -p "$OAK9_PROJECT" -k "$OAK9_API_KEY" --config "$OAK9_CONF_PATH"

Example Output

Running oak9 version 0.9.10.
Configuration Profile: No profile found
Organization Id: systems8ccd79ada
Project Id: proj-systems8ccd79ada-1
✔ Your version is up-to-date!
✔ Ready to queue validation.
Found 1 Critical Design Gap(s), 1 High Severity Design Gap(s), 2 Moderate Severity Design Gap(s), and 3 Low Severity Design Gap(s) in 1 resource(s).
Critical Design Gap(s):
BAR:TLS:
1) listener.instance_protocol should be set to any of SSL,HTTPS
2) listener.lb_protocol should be set to any of SSL,HTTPS
View your full validation results here:

Pull Image from Docker Hub

docker pull oak9/cli

Example GitLab pipeline using Oak9 CLI

1) Create a project in your SCM that contains your Terraform
2) Follow these docs to set up a pipeline in your project: Get started with GitLab CI/CD | GitLab
3) Set all environment variables for your project: GitLab CI/CD variables | GitLab
4) Create your pipeline and run it
oak9 cli:
  variables:
    OAK9_PROJECT: $OAK9_PROJECT
    OAK9_API_KEY: $OAK9_API_KEY
  image:
    name: oak9/cli
    entrypoint: [""]
  script:
    - oak9 scan --directory ./terraform-sample/ -p $OAK9_PROJECT -k $OAK9_API_KEY
5) If you would like to fail your pipeline when Critical design gaps are found, you can use regex, sed, awk, etc. on the scan output to return an exit code once a set threshold is reached. Example:
sed -e 's/;//g' | awk '/Critical/ && $5 > 8 { exit 1 }'
The above returns an exit code of 1 if 9 or more Critical design gaps were found in the output of the scan. You can customize this for any number of Critical, High, Moderate gaps by replacing the search string, field and integer.
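
The same kind of gate written against the summary line shown under Example Output, where each count is the field directly before its severity word. This is an added example, not part of the oak9 documentation: the function names oak9_gate and sample_scan_output are hypothetical, the sample text is constructed from the output above, and treating a missing summary line as a failure (exit 2) is a choice made here so that a scan that never reported cannot pass the gate.

```shell
#!/bin/sh
# Added example (not oak9 code). Assumes the scan prints a summary line shaped
# like the one under "Example Output": "Found <n> Critical Design Gap(s), ...".
# Usage: oak9 scan ... | oak9_gate MAX_CRITICAL MAX_HIGH MAX_MODERATE MAX_LOW
# Returns 0 = within limits, 1 = a limit exceeded, 2 = no summary line seen.
oak9_gate() {
    awk -v max_c="${1:-0}" -v max_h="${2:-0}" \
        -v max_m="${3:-0}" -v max_l="${4:-0}" '
        BEGIN {
            limit["Critical"] = max_c; limit["High"] = max_h
            limit["Moderate"] = max_m; limit["Low"] = max_l
        }
        /^Found [0-9]+ / {
            seen = 1
            # Each count is the field directly before its severity word.
            for (i = 2; i <= NF; i++) {
                if (!($i in limit) || $(i - 1) !~ /^[0-9]+$/) continue
                n = $(i - 1) + 0
                if (n > limit[$i] + 0) {
                    printf "oak9 gate: %d %s gap(s), limit %d\n", n, $i, limit[$i] > "/dev/stderr"
                    failed = 1
                }
            }
        }
        END {
            if (!seen) exit 2      # scan never reported: fail closed
            exit (failed ? 1 : 0)
        }
    '
}

# Constructed sample input, copied from the example output on this page.
sample_scan_output() {
    cat <<'EOF'
Running oak9 version 0.9.10.
Found 1 Critical Design Gap(s), 1 High Severity Design Gap(s), 2 Moderate Severity Design Gap(s), and 3 Low Severity Design Gap(s) in 1 resource(s).
Critical Design Gap(s):
EOF
}
```

In a GitLab job the script line becomes the scan command piped into oak9_gate with the maximum allowed count per severity, for example `oak9_gate 0 2 10 50`.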