
Install iptables on non-root scanner containers, or otherwise airgap after pre-requisites

The following scanner images were found to switch to a non-root USER in their Dockerfile. This prevented using iptables to airgap them as part of https://gitlab.com/gitlab-org/quality/team-tasks/-/issues/611: iptables needs CAP_NET_ADMIN, which an unprivileged user inside the container does not hold, so the rules cannot be applied from within these images as they are.

eslint - https://gitlab.com/gitlab-org/security-products/analyzers/eslint/-/blob/master/Dockerfile#L13

dast - https://gitlab.com/gitlab-org/security-products/dast/-/blob/master/Dockerfile#L67

phpcs-security-audit - https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit/-/blob/master/Dockerfile#L17

Figure out a way of running these scanners without network egress.

Options

  • Build a custom image to run the scanner from (root entrypoint applies the iptables rules, then drops to the scanner's own user). Requires using DinD to build it in the pipeline.
  • Use an internal Docker network if possible; it needs no iptables and no root inside the image.
  • Future: a fully airgapped runner environment.
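The two workable options above, as an added example (not code from this issue or from the GitLab analyzer repositories). The network name scanner-airgap, the entrypoint file name airgap-entrypoint.sh, the user name analyzer and the allowlisted CIDR 10.0.0.0/8 are assumptions; the custom-image path assumes an Alpine base (apk) and uses su-exec to drop privileges.

```shell
#!/bin/sh
# Added example, not code from the issue or from the GitLab analyzer repositories.
# Hypothetical names: network "scanner-airgap", entrypoint "airgap-entrypoint.sh",
# user "analyzer", allowlist 10.0.0.0/8 (an internal proxy/registry the scan may reach).

# Option 2: an --internal Docker network has no gateway to the outside, so the
# scanner needs neither iptables nor root; the image's non-root USER stays as is.
airgapped_run() {
  image="$1"; shift
  docker network inspect scanner-airgap >/dev/null 2>&1 ||
    docker network create --internal scanner-airgap
  docker run --rm --network scanner-airgap -v "$PWD:/code" "$image" "$@"
}

# Option 1: egress rules that a root entrypoint applies before dropping privileges.
# The policy is set to DROP first so the container fails closed if a later rule errors.
# $1: space-separated CIDRs to keep reachable (empty for a full airgap).
egress_rules() {
  printf '%s\n' 'iptables -P OUTPUT DROP' \
    'iptables -A OUTPUT -o lo -j ACCEPT' \
    'iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for cidr in $1; do
    printf 'iptables -A OUTPUT -d %s -j ACCEPT\n' "$cidr"
  done
}

# Writes the entrypoint for a custom image built FROM the upstream scanner image with
# "USER root" and "RUN apk add --no-cache iptables su-exec" (Alpine base assumed).
# The script applies the rules as root, then re-enters the analyzer as its own
# non-root user, so only the few iptables calls run privileged.
# $1: output path  $2: the non-root user from the upstream Dockerfile  $3: CIDRs
write_entrypoint() {
  {
    echo '#!/bin/sh'
    echo 'set -eu'
    egress_rules "$3"
    printf 'exec su-exec %s "$@"\n' "$2"
  } > "$1"
  chmod 0755 "$1"
}

# AIRGAP_DEMO=1 sh airgap.sh (hypothetical file name) generates the entrypoint locally.
if [ -n "${AIRGAP_DEMO:-}" ]; then
  write_entrypoint ./airgap-entrypoint.sh analyzer "10.0.0.0/8"
fi
```

For option 1 the custom Dockerfile sets ENTRYPOINT to the generated script and passes the upstream image's original entrypoint and arguments as its CMD, which the script hands to su-exec via "$@". The container must be started with the NET_ADMIN capability (cap_add in the GitLab Runner docker executor configuration, or --cap-add NET_ADMIN with docker run); without it iptables fails even as root, because Docker's default capability set does not include it. Option 2 avoids all of this, which is why it is preferable wherever the scan needs no reachable internal service.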
Edited by Will Meek