feat: use the go-rpmdb tool for RPM scanning

Bump the snyk-docker-plugin to the version that integrates RPM DB analysis.
This requires building the go-rpmdb tool and embedding it in the image: this is done as a separate build stage.

Author: ivanstanev

Dockerfile

@@ -10,7 +10,18 @@ RUN cd $GOPATH/src/github.com/containers/skopeo \
   && make install
 
 #---------------------------------------------------------------------
-# STAGE 2: Build the kubernetes-monitor
+# STAGE 2: Build the go-rpmdb tool.
+#---------------------------------------------------------------------
+FROM golang:1.13.1-alpine3.10 AS rpmdb-build
+
+RUN apk --no-cache add git gcc musl-dev db-dev openssl-dev
+RUN git clone --depth 1 -b 'v1.1.0' https://github.com/snyk/go-rpmdb $GOPATH/src/github.com/snyk/go-rpmdb
+RUN cd $GOPATH/src/github.com/snyk/go-rpmdb \
+    && GIT_COMMIT=$(git rev-parse HEAD 2> /dev/null || true) \
+    && GO111MODULE=on go build -ldflags "-X main.gitCommit=${GIT_COMMIT}" -o rpmdb ./cmd/rpmdb
+
+#---------------------------------------------------------------------
+# STAGE 3: Build the kubernetes-monitor
 #---------------------------------------------------------------------
 FROM node:dubnium-alpine
 
@@ -31,6 +42,9 @@ COPY --from=skopeo-build /usr/bin/skopeo /usr/bin/skopeo
 COPY --from=skopeo-build /etc/containers/registries.d/default.yaml /etc/containers/registries.d/default.yaml
 COPY --from=skopeo-build /etc/containers/policy.json /etc/containers/policy.json
 
+RUN apk --no-cache add db
+COPY --from=rpmdb-build /go/src/github.com/snyk/go-rpmdb/rpmdb /usr/bin/rpmdb
+
 WORKDIR /root
 
 # Add manifest files and install before adding anything else to take advantage of layer caching

package-lock.json

@@ -41,7 +41,7 @@
     "needle": "^2.4.0",
     "response-time": "^2.3.2",
     "snyk-config": "^2.2.0",
-    "snyk-docker-plugin": "^1.32.1",
+    "snyk-docker-plugin": "^1.33.0",
     "source-map-support": "^0.5.9",
     "tslib": "^1.9.3",
     "ws": "^7.0.0",