Merge pull request #26 from dreadnode/ads/eng-263-feature-create-exam…

…ple-for-cicd-squealer

feat: squealer example cicd go package

cybersecurity/cicd/squealer.Dockerfile

@@ -0,0 +1,21 @@
+# Git clone stage
+FROM alpine:latest AS source
+RUN apk add --no-cache git
+WORKDIR /src
+RUN git clone https://github.com/owenrumney/squealer.git . && \
+    ls -la  # Debug: verify files
+
+# Build stage
+FROM golang:1.21-alpine AS builder
+WORKDIR /build
+COPY --from=source /src/ ./
+RUN ls -la && \
+    go mod vendor && \
+    go build -mod=vendor -ldflags="-w -s" -o squealer ./cmd/squealer
+
+# Final stage
+FROM gcr.io/distroless/static-debian12:nonroot
+WORKDIR /app
+COPY --from=builder /build/squealer /app/
+USER nonroot:nonroot
+ENTRYPOINT ["/app/squealer"]

cybersecurity/cicd/squealer.yml

@@ -0,0 +1,37 @@
+description: Squealer is a tool that finds secrets like keys, tokens and passwords in your code. It scans remote Git repositories for potential credential leaks.
+
+categories:
+  - cybersecurity
+  - cicd
+
+functions:
+  squealer_scan_git_repo:
+    description: Scan a remote git repository for secrets and credentials
+    parameters:
+      repository:
+        type: string
+        description: Git repository URL (SSH format)
+        examples:
+          - "[email protected]:username/repo.git"
+          - "[email protected]:owenrumney/woopsie.git"
+    container:
+      force: true
+      image: squealer:latest
+    cmdline:
+      - ${repository}
+
+  squealer_scan_everything_git_repo:
+    description: Scan a remote git repository and history for secrets and credentials with everything flag
+    parameters:
+      repository:
+        type: string
+        description: Git repository URL (SSH format)
+        examples:
+          - "[email protected]:username/repo.git"
+          - "[email protected]:owenrumney/woopsie.git"
+    container:
+      force: true
+      image: squealer:latest
+    cmdline:
+      - ${repository}
+      - --everything