gobuster icon indicating copy to clipboard operation
gobuster copied to clipboard

Published 20 hours ago verified publisher icon OJ

Add Gobuster to Docker Hub

Open sbani opened this issue 4 years ago • 2 comments

Hi,

first things first: Thank you for the great software!

I wanted to use gobuster by running it in Docker. Though there's no container image running the newest software, all of them seem to be outdated. The reason is that their containers do not rebuild when you update to a new version.

You can setup automatic builds using Dockerhub: https://docs.docker.com/docker-hub/builds/ When done all pushes to master automatically build a new image. This is pretty easy to setup as long as you have the correct rights for the repository. I'm not able to create the auto build.

The biggest step to provide a Docker image from your side is already done: You have a working Dockerfile in the repo.

Do you plan to manage a Docker image? Can I help you somehow?

Thank you and best regards

sbani avatar Nov 09 '20 08:11 sbani

Hello. Thanks for the comment. I had considered it, but given that the build system we are using currently allows us to easily generate binaries (which are found in the releases section I didn't feel the need to build a container. Downloading the binary is smaller.

If there's enough interest, I'm happy to manage a docker image.

OJ avatar Nov 17 '20 00:11 OJ

Sure, let's ask the community.

I see you link Travis. Is this your main build system (CI)? Because the .travisci.yml is not shown in the master branch. Maybe we can push the container by using the build system? This approach centralizes everything to the build system and is still easily managed. Let me know what you think about that and I will try to help you achieve it.

sbani avatar Nov 17 '20 08:11 sbani

Hey @OJ, there's no response from the community here. However, somebody added an image to Docker Hub: https://hub.docker.com/r/devalias/gobuster. It has more than 100k pulls.

More than 100k pulls shows me that there is a need for an image. Yes, there's an image already, however, I always prefer an official one.

Anyways, I don't want to press you into doing something that you don't want to do! Just wanted to give an update here.

Thanks for your great work!

sbani avatar Feb 15 '23 08:02 sbani

Thanks @sbani. That image is well and truly out of date, so I would argue that @0xdevalias may have abandoned it.

I'll have a think about what to do from here. As you said, with that many pulls it might just be worth it. Thank you!

OJ avatar Feb 16 '23 03:02 OJ

Definitely not something I have actively maintained for years. My preference is always for a fully automated and integrated build process that 'just happens', as close to the source as possible.

Obviously this isn't my project, but from my perspective, providing the options (even if they might be slightly bigger file size) for convenience, for essentially a 'once off cost' of setting up the build system code is pretty worthwhile.

I can't remember exactly, but I'm pretty sure I have a repo here on GitHub with the Dockerfile I was using to build it from. From memory it's statically compiled in a multi build stage file, that ends up in a 'FROM scratch' container; so essentially has little to no 'file size overhead' over the raw binary; yet with the added conveniences of docker.

Edit: this is the repo: https://github.com/0xdevalias/docker-gobuster

0xdevalias avatar Feb 16 '23 03:02 0xdevalias

Hi, the current problem with dockerhub is that you can't have scoped access tokens which are limited to a single repository, you can only scope the actions. This would require us to put our personal access token in a shared repo to update the package on the hub. This means that this token can also modify all other packages in your account across all organizations. Until this is fixed I guess we will not have an official docker image. An alternative would be to use github's container registry which is currently still free (but subject to change) but they only allow 1GB of data transfer once they switch ( https://docs.github.com/en/billing/managing-billing-for-github-packages/about-billing-for-github-packages ) which I guess is not enough for several pulls.

firefart avatar Feb 20 '23 08:02 firefart

https://docs.github.com/en/billing/managing-billing-for-github-packages/about-billing-for-github-packages#about-billing-for-github-packages

GitHub Packages usage is free for public packages. For private packages, each account on GitHub.com receives a certain amount of free storage and data transfer, depending on the product used with the account.

image

@firefart Sounds like it wouldn't be metered since gobuster is public?

0xdevalias avatar Mar 27 '23 05:03 0xdevalias

the first package is published to github container registry: https://github.com/OJ/gobuster/pkgs/container/gobuster

firefart avatar Aug 15 '23 09:08 firefart

Thank you very much. I close this issue.

sbani avatar Aug 15 '23 12:08 sbani