From f18757c14c6d20973818b81342bf9d6452bbfbd0 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:09:23 +0000 Subject: [PATCH 1/7] aaa --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..12400dd 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 577870fa8856f120b9587c503b014ca0b920770b Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:21:54 +0000 Subject: [PATCH 2/7] 2 --- .github/workflows/image-scan.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 12400dd..0616418 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -24,3 +24,23 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + + - name: Run Nginx scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + - name: Run wordpress scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' From c4095b70bf851841721a6a67899d4220c8f15257 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:32:31 +0000 Subject: [PATCH 3/7] v3 --- .github/workflows/image-scan.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 0616418..0b48d01 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -15,30 +15,31 @@ jobs: uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + + - name: Run Nginx scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:latest' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + severity: 'CRITICAL,HIGH' - - name: Run Nginx scanner + - name: Run wordpress scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'nginx:latest' + image-ref: 'wordpress:latest' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + severity: 'CRITICAL,HIGH' - - name: Run wordpress scanner + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'wordpress:latest' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true From 2d9a2e57be13f39019822d6d0df10825fdca6ed7 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:34:00 +0000 Subject: [PATCH 4/7] V4 --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 0b48d01..44257fc 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -39,9 +39,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'mysql:8' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From e2481a54baab47b7ed3a84ab244a05ea1c2dab7c Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:52:47 +0000 Subject: [PATCH 5/7] V5 --- .github/workflows/image-scan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 44257fc..26120be 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,8 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: [runner-1, self-hosted] + #runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -36,7 +37,7 @@ jobs: vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: Run MySql scanner uses: aquasecurity/trivy-action@master with: image-ref: 'mysql:8' From bff775dafd9791f0c44f1138f0c6454cb9dbd171 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:00:42 +0000 Subject: [PATCH 6/7] V6 --- .github/workflows/image-scan.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 26120be..79476bd 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -22,7 +22,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -32,7 +32,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -46,3 +46,8 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + + - name: Test + run: | + docker ps + shell: bash From 977de10d5309065ce1136ccbba3470bc86af15c5 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:21:36 +0000 Subject: [PATCH 7/7] V7 --- .cache/ans/single/compose.yaml | 6 +++--- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..33178e0 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user3-v1-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user3-v1-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user3-v1-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 79476bd..af1d12c 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -49,5 +49,6 @@ jobs: - name: Test run: | - docker ps + cd .cache/ans/single + docker compose up -d shell: bash