From 2b94236d2ec42d1b4d19b5135f9ed6379fd5a7ed Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 5 Jul 2024 11:35:07 +0800 Subject: [PATCH 01/11] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..6744188 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + #runs-on: [runner-2, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 37b3fddc3ecbfd0a17b14bd09b44c0ff3b956fea Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 5 Jul 2024 11:37:30 +0800 Subject: [PATCH 02/11] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 6744188..4d046b6 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -10,6 +10,7 @@ jobs: scan: name: Scan Docker Image #runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 From 1ef87e8711ed10df638cd2fd87a7fdb89bf7a69a Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 5 Jul 2024 13:16:09 +0800 Subject: [PATCH 03/11] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 4d046b6..95e5746 100644 
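Review bot: The first hunk of PATCH 01 (`@@ -9,7 +9,7 @@`) leaves the `scan` job with no `runs-on` once the line is commented out, and GitHub Actions rejects a job that has neither `runs-on` nor a reusable-workflow `uses`, so the image scan does not run at all for this commit. Replace the value instead of commenting it out, e.g. `runs-on: ubuntu-latest`, and drop the dead `#runs-on:` line. PATCH 02 adds the key back, so the gap is limited to this one commit, but a scan workflow that fails to load is easy to overlook.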
--- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -19,7 +19,27 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'mysql:8' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' format: 'table' exit-code: '1' ignore-unfixed: true From 1818381694b44693acb073292d5d696b5829f597 Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 5 Jul 2024 13:21:32 +0800 Subject: [PATCH 04/11] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 95e5746..e917f96 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -25,7 +25,6 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: @@ -35,7 +34,6 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: From 4ada8a6450934bea9b42f72fb177714b88752de9 Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 5 Jul 2024 13:23:07 +0800 Subject: [PATCH 05/11] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index e917f96..1518472 100644 --- a/.github/workflows/image-scan.yaml 
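Review bot: The two steps added in PATCH 03 (`@@ -19,7 +19,27 @@`) reference `aquasecurity/trivy-action@master`, a branch that can change under this workflow without any commit to the repository. Pin every use to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. The scanned refs `nginx:latest` and `wordpress:latest` are mutable too, so a passing run cannot be tied to a specific image; scanning by digest (`image-ref: 'nginx@sha256:<digest>'`) makes the result reproducible. The three near-identical steps could be collapsed into one step driven by a `strategy.matrix` over the image list, which would keep the Trivy options in one place.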
+++ b/.github/workflows/image-scan.yaml @@ -16,28 +16,28 @@ jobs: uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: Nginx uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:8' + image-ref: 'nginx:latest' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: Wordpress uses: aquasecurity/trivy-action@master with: - image-ref: 'nginx:latest' + image-ref: 'wordpress:latest' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: Mysql uses: aquasecurity/trivy-action@master with: - image-ref: 'wordpress:latest' + image-ref: 'mysql:8' format: 'table' exit-code: '1' ignore-unfixed: true From 217db632c984aa861805b201dc67e7f1e49218c2 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:34:18 +0000 Subject: [PATCH 06/11] up --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 1518472..3311fba 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -39,7 +39,7 @@ jobs: with: image-ref: 'mysql:8' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From 1a8e15b640438cb306f825ef87c33c6aca088a94 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:46:10 +0000 Subject: [PATCH 07/11] wp --- .github/workflows/image-scan.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 3311fba..88245c1 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml 
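Review bot: Setting `exit-code: '0'` on the Mysql step in PATCH 06 (`@@ -39,7 +39,7 @@`) turns the scan into a report that can never fail the job, so CRITICAL and HIGH findings in `mysql:8` no longer block anything. PATCH 08 makes the same change to the Nginx and Wordpress steps. If particular findings have been accepted, keep `exit-code: '1'` and list them in a `.trivyignore` file with a short justification each, so that new findings still break the build. If report-only is really intended, record that above the step, e.g. `# report-only: findings are triaged in <tracker>, not gated here`.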
@@ -9,8 +9,8 @@ on: jobs: scan: name: Scan Docker Image - #runs-on: [runner-2, self-hosted] - runs-on: ubuntu-latest + runs-on: [runner-1, self-hosted] + #runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -43,3 +43,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Test + run: | + ls + shell: bash From 41de9b195c4e27a0f4695034d44479afa443d77d Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:59:40 +0000 Subject: [PATCH 08/11] wp --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 88245c1..b346bf6 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -21,7 +21,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -30,7 +30,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -45,5 +45,5 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - ls + docker ps shell: bash From d7cd368f7e35542e49b39bdba411d58d69ce1029 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:19:58 +0000 Subject: [PATCH 09/11] wp --- .cache/ans/single/compose.yaml | 6 +++--- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..c13231a 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: hansJ-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: 
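Review bot: The first hunk of PATCH 07 (`@@ -9,8 +9,8 @@`) moves the job onto `[runner-1, self-hosted]`, a persistent machine, while the steps still pull third-party action code from `@master`. The `on:` trigger list is outside this hunk. If it includes `pull_request` and the repository accepts forks, untrusted changes would execute on that host, so confirm the triggers and the runner's isolation before merging. Delete the commented-out `#runs-on: ubuntu-latest` rather than keeping it as a toggle, and record the reason for the choice in a comment such as `# self-hosted because <reason>`.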
@@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: hansJ-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: hansJ-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index b346bf6..41dd0a6 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -45,5 +45,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - docker ps + cd .cache/ans/single + docker compose up -d shell: bash From ac3c0839ef94f01795ab8a0693e7fac08215a8f8 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:31:58 +0000 Subject: [PATCH 10/11] wp --- .github/workflows/image-scan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 41dd0a6..db39af4 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -47,4 +47,5 @@ jobs: run: | cd .cache/ans/single docker compose up -d + docker ps -a | grep hansJ shell: bash From d165aff9fb6e10b76509970594c967ce0d1c6e03 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:46:08 +0000 Subject: [PATCH 11/11] wp --- .cache/ans/single/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index c13231a..ea2b19a 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -5,7 +5,7 @@ services: volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: - - '12345:80' + - '15566:80' depends_on: - wordpress logging:
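Review bot: The `Test` step in PATCH 09 (`@@ -45,5 +45,6 @@` of image-scan.yaml) starts the stack with `docker compose up -d` on the self-hosted runner and nothing visible stops it. The containers therefore stay up after the job ends, with their published nginx port and the literal `MYSQL_ROOT_PASSWORD: examplepass` shown in this patch's compose.yaml context. If this is a smoke test, add a final step with `if: always()` that runs `docker compose down` in `.cache/ans/single`. If it is meant as a deployment, move it out of the scan job, gate it on the Trivy steps (which PATCH 06 and PATCH 08 set to `exit-code: '0'`), and supply the database passwords from repository secrets rather than literals.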
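Review bot: `docker ps -a | grep hansJ` in PATCH 10 (`@@ -47,4 +47,5 @@`) succeeds as soon as the containers exist, because `-a` also lists exited and restarting ones, so a crashed WordPress or MySQL container still yields a green step. Let Compose assert the state instead by changing the preceding line to `docker compose up -d --wait`, which fails the step if a service does not reach running (or healthy, where a healthcheck is defined); this assumes the runner's Compose version supports `--wait`. The grep also matches any unrelated container on the runner whose name happens to contain `hansJ`.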
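Review bot: `'15566:80'` in PATCH 11 publishes nginx on every interface of the host, which on the self-hosted runner selected in PATCH 07 makes the WordPress front end reachable from whatever network that machine sits on. If only checks on the runner itself need the port, bind it to loopback: `- '127.0.0.1:15566:80'`. The `ports:` list belongs to the nginx service, whose definition starts and ends outside this hunk.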