Copy file from dockerfile build to host - bandit

Question

I just started learning docker. To teach myself, I managed to containerize bandit (a python code scanner) but I'm not able to see the output of the scan before the container destroys itself. How can I copy the output file from inside the container to the host, or otherwise save it?

Right now i'm just using bandit to scan itself basically :)

Dockerfile

FROM python:3-alpine
WORKDIR /
RUN pip install bandit
RUN apk update && apk upgrade
RUN apk add git
RUN git clone https://github.com/PyCQA/bandit.git ./code-to-scan
CMD [ "python -m bandit -r ./code-to-scan -o bandit.txt" ]

Answer 1

You can mount a volume on you host where you can share the output of bandit.

For example, you can run your container with:

docker run -v $(pwd)/output:/tmp/output -t your_awesome_container:latest

And you in your dockerfile:

...
CMD [ "python -m bandit -r ./code-to-scan -o /tmp/bandit.txt" ]

This way the bandit.txt file will be found in the output folder.

Answer 2

Better place the code in your image not in the root directory. I did some adjustments to your Dockerfile.

FROM python:3-alpine
WORKDIR /usr/myapp
RUN pip install bandit
RUN apk update && apk upgrade
RUN apk add git
RUN git clone https://github.com/PyCQA/bandit.git .
CMD [ "bandit","-r",".","-o","bandit.txt" ]`

This clones git in your WORKDIR. Note the CMD, it is an array, so just devide all commands and args as in the Dockerfile about.

I put the the Dockerfile in my D:\test directory (Windows). docker build -t test .

docker run -v D:/test/:/usr/myapp test It will generate you bandit.txt in the test folder.

After the code is execute the container exits, as there are nothing else to do.

you can also put --rm to remove the container once it finishs.

docker run --rm  -v D:/test/:/usr/myapp test