replicatedcom · divolgin · Sep 12, 2023 · Sep 12, 2023
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -30,15 +30,10 @@ jobs:
     steps:
       - checkout
       - setup_remote_docker
-      - run:
-          name: Build image
-          command: |
-            docker build --pull -t replicated/support-bundle:base -f deploy/Dockerfile-base deploy/
       - run:
           name: Run local image vulnerability scan
           command: |
-            curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
-            ./grype --fail-on=medium --only-fixed --config=.circleci/.anchore/grype.yaml -vv replicated/support-bundle:base
+            make scan-base
 
   e2e:
     # Use machine for volume binding support in Docker

diff --git a/.gitignore b/.gitignore
@@ -22,3 +22,4 @@
 *.out
 
 .DS_Store
+grype
diff --git a/Makefile b/Makefile
@@ -221,3 +221,12 @@ support-bundle-generate: goreleaser
 	@mkdir -p .state
 	docker build --pull -t replicated/support-bundle:base -f deploy/Dockerfile-base deploy/
 	@touch .state/base
+
+grype:
+	curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
+
+build-base:
+	docker build --pull -t replicated/support-bundle:base -f deploy/Dockerfile-base deploy/
+
+scan-base: build-base grype
+	./grype --fail-on=medium --only-fixed --config=.circleci/.anchore/grype.yaml -vv replicated/support-bundle:base
diff --git a/README.md b/README.md
@@ -18,6 +18,12 @@ make test
 make e2e-supportbundle-core e2e-supportbundle-docker
 ```
 
+## Scanning image prior to release
+
+```
+make scan-base
+```
+
 ## Releases
 
 Releases are created on CircleCI when a tag is pushed.