Use CMD instead of ENTRYPOINT in Dockerfile (!45) · Merge requests · GitLab.org / Secure Stage / tools / Security triage automation

Adam Cohen requested to merge use-cmd-instead-of-entrypoint into master Oct 04, 2023

What does this MR do?

This MR updates the Dockerfile to use CMD instead of ENTRYPOINT because there's some strange behaviour when using the ENTRYPOINT. For example, in this job, the CUSTOM_LABELS is set to the contents of BashDetectShellScript from the gitlab-runner:

Automator -- Creating issues for all vulnerabilities with the following details:
Automator -- Project Path:         gitlab-org/security-products/analyzers/gemnasium
Automator -- Vulnerability States: ["DETECTED"]
Automator -- Report Types:         ["CONTAINER_SCANNING", "GENERIC"]
Automator -- Severity Levels:      ["HIGH", "CRITICAL"]
Automator -- Custom Labels:        ["if [ -x /usr/local/bin/bash ]; then\n\texec /usr/local/bin/bash \nelif [ -x /usr/bin/bash ]; then\n\texec /usr/bin/bash \nelif [ -x /bin/bash ]; then\n\texec /bin/bash \nelif [ -x /usr/local/bin/sh ]; then\n\texec /usr/local/bin/sh \nelif [ -x /usr/bin/sh ]; then\n\texec /usr/bin/sh \nelif [ -x /bin/sh ]; then\n\texec /bin/sh \nelif [ -x /busybox/sh ]; then\n\texec /busybox/sh \nelse\n\techo shell not found\n\texit 1\nfi\n\n"]
Client -- Fetching schema from remote GraphQL API and saving as local file 'gl-graphql-schema.json'

I'd like to investigate this further and figure out the root cause, but in the meantime, we can fix this by switching from ENTRYPOINT to CMD.

What are the relevant issue numbers?

N/A

Use CMD instead of ENTRYPOINT in Dockerfile

What does this MR do?

What are the relevant issue numbers?

Merge request reports