Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker hub #406

Merged
merged 59 commits into from Apr 6, 2020
Merged

Docker hub #406

merged 59 commits into from Apr 6, 2020

Conversation

jdowni000
Copy link
Contributor

Created a Dockerfile best practice scanner as well as a docker image vulnerability scanner for each check. Additionally I have added a user named user to each container. The binaries are no longer being ran as root.

Justin Downie added 30 commits March 31, 2020 13:21
trying to add hadolint in actions
e51e768
trying to add hadolint in actions
d078582
added sudo for root permissions
3833e16
trying docker pull image for debian version of hadolint
0d8f7f6
udpated to use hadolint action
834b496
udpated to use hadolint action
dcf6dba
udpated to use hadolint action
9f0883c
corrected Dockerfile for errors DL3006 DL3020 DL3025 from hadolint
fff7743
set env HADOLINT_ACTION_COMMENT to false
8379fa6
specified golang version in Dockerfile
3c50d40
corrected docker tag and push in github action yaml
82d7201
corrected docker tag and push in github action yaml
709ea87
first attempt using docker-bench-security stand alone
7b2d789
working with error in regards to docker build -no-cache
a2494f5
working with error in regards to docker build -no-cache
aab3b68
adjusting docker build error to use pipe
3cdc64e
removing docker image scan checking for errors
2015116
Test using anchore api call docker image scan
8b41d02
Test using anchore api call docker image scan
f2fd5a9
removing custom policy bundle from command
13b1644
adjusitng image scan for local image instead of Dockerhup repo
8a00fc2
adding Dockerfile location to pipe for curl anchore api
18a536c
explicityly stating docker image instead of value
91d407b
moving steps to pull from repo instead of inline local image pull
b696bdf
explicitly calling out :latest in image tag
e00bd0e
adding dockerfile and docker image check to action ami-check
fb52ef7
adding dockerfile and docker image check to check-reaper
d98d670
adding golang version for check-reaper Dockerfile
b3f403d
adding golang version for check-reaper Dockerfile
f35038f
adding Dockerfile and Docker image check to action check-reaper
6d592cd
Justin Downie added 23 commits April 1, 2020 15:14
adding Dockerfile and Docker image check to action pod-restarts-check
5a5bff7
adding Dockerfile and Docker image check to action pod-status-check
d1a5078
adding Dockerfile and Docker image check to action resource-quota-check
29832f0
adding Dockerfile and Docker image check to action test-external-check
8e037f1
adding user to Dockerfile for least privileges for http-content-checker
c715348
adding user to Dockerfile perm 777 for http-content-checker
c6b9893
adding user docker to Dockerfile for http-content-checker
fefd39a
updating permission of entrypoint in Dockerfile
c883335
updating workdir perm before build
c889f69
chmod added to COPY command Dockerfile
1f5bea7
chmod added to COPY command Dockerfile
e39ba2d
added user to container to run as non-root for http-content-check action
633862b
added user to container to run as non-root for http-content-check action
f7d526a
updated Dockerfile ami-check to add non-root user
6d41122
updated Dockerfile check-reaper to add non-root user
76bb222
updated Dockerfile daemonset-check to add non-root user
ac99f9e
updated Dockerfile deployment-check to add non-root user
2ac82f0
updated Dockerfile dns-resolution-check to add non-root user
d84d394
updated Dockerfile http-check to add non-root user
f4f2904
updated Dockerfile kiam-check to add non-root user
b25f58a
updated Dockerfile pod-restarts-check to add non-root user
6597f89
updated Dockerfile pod-status-check to add non-root user
58344d6
updated Dockerfile test-external-check to add non-root user
ef8ce5c
@jdowni000 jdowni000 requested a review from integrii April 3, 2020 21:39
@jonnydawg jonnydawg self-requested a review April 3, 2020 22:11
integrii
integrii approved these changes Apr 6, 2020
View reviewed changes
Copy link
Collaborator

@integrii integrii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked most of the tagged images and everything looks to be pulling down. I thought about deleting the .test files, but they aren't hurting anything. LGtM! :shipit:

@integrii integrii merged commit 164742c into master Apr 6, 2020
This was referenced Apr 6, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@integrii integrii integrii approved these changes

@jonnydawg jonnydawg Awaiting requested review from jonnydawg

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jdowni000 @integrii