From f9a378d2cb0778571225dd76332a2fe3cb0efc9e Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 03:27:50 +0000 Subject: [PATCH 1/9] alter image-ref --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..68d4386 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 83d2a5ce0e576c46c06580273c945bdaf93f636b Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:16:31 +0000 Subject: [PATCH 2/9] add 3 image --- .github/workflows/image-scan.yaml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 68d4386..76433e6 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,7 +18,25 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:8' format: 'table' exit-code: '1' ignore-unfixed: true From 002364faccd67c19cdd2d750382dc68954b8de52 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:22:52 +0000 Subject: [PATCH 3/9] alter name --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 76433e6..94ea6ab 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: Nginx uses: aquasecurity/trivy-action@master with: image-ref: 'nginx:latest' @@ -24,7 +24,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: Wordpress uses: aquasecurity/trivy-action@master with: image-ref: 'wordpress:latest' @@ -33,7 +33,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: Mysql uses: aquasecurity/trivy-action@master with: image-ref: 'mysql:8' From ceedcf23e6e9062903ef873d6875068c4f1fa476 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:25:24 +0000 Subject: [PATCH 4/9] alter run-on --- .github/workflows/image-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 94ea6ab..02897d4 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,8 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + #runs-on: [runner-2, self-hosted] + runs-on: ununtu-latest steps: - name: Checkout code uses: actions/checkout@v3 From a9211397b20cd721797d46ce9458ac2c9d991807 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:28:26 +0000 Subject: [PATCH 5/9] wip --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 02897d4..50e05b6 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -10,7 +10,7 @@ jobs: scan: name: Scan Docker Image #runs-on: [runner-2, self-hosted] - runs-on: ununtu-latest + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 From 8372d79d9f54f2da90047941156531f62bbf6787 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:33:39 +0000 Subject: [PATCH 6/9] alter mysql --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 50e05b6..8753620 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -39,7 +39,7 @@ jobs: with: image-ref: 'mysql:8' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From ab0a5b642eabafd85360a3017519357aa1a03971 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:52:54 +0000 Subject: [PATCH 7/9] demo pr --- .github/workflows/image-scan.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 8753620..bf1769b 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,8 +9,8 @@ on: jobs: scan: name: Scan Docker Image - #runs-on: [runner-2, self-hosted] - runs-on: ubuntu-latest + runs-on: [runner-1, self-hosted] + #runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -43,3 +43,8 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + + - name: Test + run: | + ls + shell: bash From 11b0c61669047675620e2165fbba00885857876f Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:01:45 +0000 Subject: [PATCH 8/9] wip --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index bf1769b..8589b91 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -21,7 +21,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -30,7 +30,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -46,5 +46,5 @@ jobs: - name: Test run: | - ls + docker ps shell: bash From 26aa966ecf3d141a341840b8ccb79af601c9758a Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:23:35 +0000 Subject: [PATCH 9/9] demo compose --- .cache/ans/single/compose.yaml | 6 +++--- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..e97f65a 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user7-keng-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user7-keng-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user7-keng-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 8589b91..5e3984f 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -46,5 +46,6 @@ jobs: - name: Test run: | - docker ps + cd .cache/ans/single + docker compose up -d shell: bash