synor/Dockerfile.security
Gulshan Yadav 1606776394 feat: Phase 7 critical tasks - security, formal verification, WASM crypto
## Formal Verification
- Add TLA+ specs for UTXO conservation (formal/tla/UTXOConservation.tla)
- Add TLA+ specs for GHOSTDAG ordering (formal/tla/GHOSTDAGOrdering.tla)
- Add mathematical proof of DAA convergence (formal/proofs/)
- Document Kani verification approach (formal/kani/)

## Bug Bounty Program
- Add SECURITY.md with vulnerability disclosure process
- Add docs/BUG_BOUNTY.md with $500-$100,000 reward tiers
- Define scope, rules, and response SLA

## Web Wallet Dilithium3 WASM Integration
- Build WASM module via Docker (498KB optimized)
- Add wasm-crypto.ts lazy loader for Dilithium3
- Add createHybridSignatureLocal() for full client-side signing
- Add createHybridSignatureSmart() for auto-mode selection
- Add Dockerfile.wasm and build scripts

## Security Review ($0 Approach)
- Add .github/workflows/security.yml CI workflow
- Add deny.toml for cargo-deny license/security checks
- Add Dockerfile.security for audit container
- Add scripts/security-audit.sh for local audits
- Configure cargo-audit, cargo-deny, cargo-geiger, gitleaks
2026-01-10 01:40:03 +05:30

# Dockerfile for security auditing tools
# Installs cargo-audit, cargo-deny, cargo-outdated and cargo-geiger
FROM rust:1.85-bookworm

# Native build dependencies needed to compile the tools below and, later, the
# audited workspace. Installed first so this layer is cached independently of
# the cargo-install step.
RUN apt-get update && apt-get install -y --no-install-recommends \
        cmake \
        clang \
        libclang-dev \
        pkg-config \
        libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Install security tools (versions pinned where needed for Rust 1.85 compatibility)
RUN cargo install cargo-audit --locked && \
    cargo install cargo-deny@0.18.3 --locked && \
    cargo install cargo-outdated --locked && \
    cargo install cargo-geiger --locked

# The workspace to audit is expected to be bind-mounted at /app at run time
WORKDIR /app

# Default command runs the full audit. Every step is wrapped in `|| true` (or an
# echo fallback) so the report always completes; the container therefore exits 0
# even when findings exist, and a CI gate must inspect the output itself.
CMD ["sh", "-c", "\
    echo '========================================' && \
    echo 'Synor Security Audit Report' && \
    echo '========================================' && \
    echo '' && \
    echo '=== 1. VULNERABILITY SCAN (cargo audit) ===' && \
    cargo audit || true && \
    echo '' && \
    echo '=== 2. LICENSE & SECURITY CHECK (cargo deny) ===' && \
    (cargo deny check 2>&1 || echo 'Note: Configure deny.toml for full check') && \
    echo '' && \
    echo '=== 3. OUTDATED DEPENDENCIES ===' && \
    cargo outdated --root-deps-only 2>&1 || true && \
    echo '' && \
    echo '=== 4. UNSAFE CODE USAGE (cargo geiger) ===' && \
    cargo geiger --output-format Ratio 2>&1 || true && \
    echo '' && \
    echo '========================================' && \
    echo 'Security Audit Complete' && \
    echo '========================================' \
"]
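Because every step of the CMD above is wrapped in `|| true`, the container exits 0 whether or not cargo-audit found anything, so CI never fails on a finding. The gate below is an added example (not code from the Synor repository) that reads a `cargo audit --json` report and fails unless every vulnerability is on a reviewed ignore list; the report layout it assumes is the rustsec JSON report format, and the sample report is constructed.

```python
import json
import sys
# Constructed sample of a `cargo audit --json` report (assumed rustsec layout:
# vulnerabilities.list[].advisory.id and warnings.<kind>[] entries, where a
# yanked-crate warning carries no advisory). Real input arrives on stdin.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {"found": True, "count": 2, "list": [
        {"advisory": {"id": "RUSTSEC-0000-0001", "package": "cratea"},
         "package": {"name": "cratea", "version": "0.1.0"}},
        {"advisory": {"id": "RUSTSEC-0000-0002", "package": "crateb"},
         "package": {"name": "crateb", "version": "2.3.4"}},
    ]},
    "warnings": {
        "unmaintained": [{"advisory": {"id": "RUSTSEC-0000-0003"},
                          "package": {"name": "oldcrate", "version": "1.0.0"}}],
        "yanked": [{"advisory": None,
                    "package": {"name": "gonecrate", "version": "0.9.1"}}],
    },
})

def triage(report, ignored=frozenset(), fail_on_warnings=False):
    """Split a parsed report into (blocking, informational) finding ids."""
    blocking = []
    for v in report.get("vulnerabilities", {}).get("list", []):
        if v["advisory"]["id"] not in ignored:
            blocking.append(v["advisory"]["id"])
    informational = []
    for kind, entries in report.get("warnings", {}).items():
        for w in entries:
            adv = w.get("advisory") or {}
            fid = adv.get("id") or f"{kind}:{w['package']['name']}"
            if fail_on_warnings and fid not in ignored:
                blocking.append(fid)
            else:
                informational.append(fid)
    return blocking, informational

def gate(report_json, ignored=frozenset(), fail_on_warnings=False):
    """Return the CI exit code: 0 only when no blocking findings remain."""
    blocking, informational = triage(json.loads(report_json), ignored, fail_on_warnings)
    for fid in informational:
        print(f"warning:  {fid}")
    for fid in blocking:
        print(f"BLOCKING: {fid}")
    return 1 if blocking else 0

if __name__ == "__main__":
    # Usage: cargo audit --json | python3 audit_gate.py RUSTSEC-... (ids to ignore)
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    sys.exit(gate(raw, ignored=frozenset(sys.argv[1:])))
```

Run it inside the audit container in place of the bare `cargo audit` step, and keep the ignore list in version control so every accepted advisory has a reviewable history.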