Deploy Chalk globally via Docker

Automatically get visibility for every Docker build

Summary

One of the biggest challenges to automatically tying together information you have about production to information you have about source code is the ease of deployment at scale.

Nobody wants to deploy one repository at a time, and if you do ask people to add things to their pipelines, it will probably be forgotten or misused.

With Chalk™, when your teams build via Docker, you can easily set up Chalk on your build systems to automatically operate on every Docker build. All you need to do is:

Install a configured Chalk binary.
Set up a renamed binary or global alias for docker, having it call Chalk.

That's it. Chalk figures out the rest.

Steps

Prerequisite: Install a configured binary.

The easiest way to get Chalk is to download a prebuilt binary from our release page. It's a self-contained binary with no dependencies to install.

Configuring Chalk is also easy. For the sake of example, we will use our compliance configuration regardless of the method you will be using.

If Chalk is in your current directory, run:

chalk load https://chalkdust.io/compliance-docker.c4m

You could now deploy chalk and ask everyone to run it by invoking chalk before their docker commands. But that's easy to forget. It's better to automatically call chalk when invoking Docker. There are two ways to do this: by placing a renamed Chalk binary in your local user directory or by creating a global alias.

Option 1: Renaming

This is the recommended method of invoking Chalk alongside Docker. It takes a few more steps than aliasing and is reliant on knowing the location of your Chalk binary, but it will not interfere with Docker commands.

First, confirm that you are running your command line from the same location as your Chalk binary. You can find Chalk's location by running:

which chalk

Next, from the returned location of your Chalk binary, run the following command:

cp chalk /usr/local/bin/docker

You may need to sudo cp depending on your user permissions.

This command will create a copy of your Chalk binary, rename it to Docker, and will load it before any 'docker' commands.

Option 2: Global alias

You can also invoke Chalk with a global alias. Your build systems will have a global file for bash configuration which, these days, is almost always /etc/bash.bashrc (but if it's not there, it should be at/etc/bashrc).

This file runs when any bash shell starts. All you need to add to this file is:

alias docker=chalk

💀 Some people add global aliases to /etc/profile.d, but we do not recommend this, because some (non-login) shells will not use this.

Once you add this, you can log out and log back in to make the alias take effect or simply source the file:

source /etc/bash.bashrc

Now, whenever a new bash shell gets created that starts a docker process, they'll be automatically configured to call chalk instead.

Conclusion

Regardless of the method used, we've configured chalk to use the Chalk docker command whenever it doesn't see any of its own commands. We always run the Docker command intended by the user, but we also collect and report on environmental info in Chalk marks.

You can also ask Chalk to add automatic data reporting on startup to built containers if you'd like, as described in our how-to on building an application inventory

Our cloud platform

We have tried to make doing everything with Chalk as easy as possible, and our cloud platform makes it even easier. It is designed for enterprise deployments and provides additional functionality, including prebuilt configurations to solve common tasks, prebuilt integrations to enrich your data, a built-in query editor, an API, and much more.

There are both free and paid plans. You can join the waiting list for early access.

How-to Guides User Guide