Simple demo for Anchore Enterprise, including both Jenkins and GitHub workflow examples.
Partial list of problems in this image:
- xmrig cryptominer installed at
/xmrig/xmrig
- simulated AWS access key in
/aws_access
- simulated ssh private key in
/ssh_key
- selection of commonly-blocked packages installed (sudo, curl, etc)
/log4j-core-2.14.1.jar
(CVE-2021-44228, et al)- CVE-2021-3156 (sudo) provided via hints file (rpm also available)