CycloneDX · bandhan-majumder · Aug 14, 2025 · Aug 15, 2025 · Aug 16, 2025 · prabhu
@@ -0,0 +1,65 @@
+# Base-image
+FROM rust:1-alpine3.20 AS base
+
+ENV PATH=${PATH}:/usr/local/bin:/root/.local/bin
+
+RUN apk update && apk add --no-cache \
+    bash \
+    bzip2 \
+    build-base \
+    curl \
+    gawk \
+    git \
+    make \
+    musl-dev \
+    nodejs \
+    npm \
+    openssl-dev \
+    pkgconfig \
+    py3-pip \
+    python3 \
+    python3-dev \
+    py3-virtualenv \
+    unzip \
+    zip \
+    libffi-dev \
+    gcc \
+    g++ \
+    && npm install -g npm corepack \
+    && /usr/bin/python3 --version \
+    && node -v \
+    && npm -v \
+    && rustc --version \
+    && cargo --version \
+    && rm -rf /var/cache/apk/*
+
+# cdxgen-image
+FROM base AS cdxgen
+
+LABEL maintainer="CycloneDX" \
+      org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
+      org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \
+      org.opencontainers.image.version="rolling" \
+      org.opencontainers.image.vendor="CycloneDX" \
+      org.opencontainers.image.licenses="Apache-2.0" \
+      org.opencontainers.image.title="cdxgen" \
+      org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for rust apps" \
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-alpine-rust1:v11 -r /app --server"
+
+ENV CDXGEN_IN_CONTAINER=true \
+    NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
+    PYTHONPATH=/opt/pypi
+ENV PATH=${PATH}:/usr/local/bin:${PYTHONPATH}/bin:/opt/cdxgen/node_modules/.bin
+
+COPY . /opt/cdxgen
+
+RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --no-optional --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \
+    && npm uninstall -g corepack \
+    && apk del npm python3-dev py3-pip py3-virtualenv gcc g++ musl-dev make build-base openssl-dev pkgconfig libffi-dev \
+    && mkdir -p ${NODE_COMPILE_CACHE} \
+    && node /opt/cdxgen/bin/cdxgen.js --help \
+    && rm -rf /root/.cache/node \
+    && chmod a-w -R /opt
+WORKDIR /app
+ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"]