From 824594363d74e9e8cec6a9cfe0bdbfda52e1d752 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 03:29:42 +0000 Subject: [PATCH 1/9] update image source --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..68d4386 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 8ae33ffdd184a1055ab687caf1c66685f530c411 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 03:34:44 +0000 Subject: [PATCH 2/9] wip --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 68d4386..462bb95 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,12 +9,12 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + #runs-on: [runner-2, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 - # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs + ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: From 302bbfec92ee6b189e215b51364f9b57846822d2 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:15:57 +0000 Subject: [PATCH 3/9] wip --- .github/workflows/image-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 462bb95..3101a58 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -10,6 +10,7 @@ jobs: scan: name: Scan Docker Image #runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,7 +19,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'mysql:latest' format: 'table' exit-code: '1' ignore-unfixed: true From 83e48df85d71794e88e4bf378c6fb77da7087bd6 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:20:44 +0000 Subject: [PATCH 4/9] wip --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 3101a58..39aaa40 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -19,7 +19,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:latest' + image-ref: 'wordpress:latest' format: 'table' exit-code: '1' ignore-unfixed: true From 2aa91258bee66129cc75d55ea43ead90eb276d48 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:22:27 +0000 Subject: [PATCH 5/9] wip --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 39aaa40..31a948a 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -19,7 +19,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'wordpress:latest' + image-ref: 'nginx:alpine' format: 'table' exit-code: '1' ignore-unfixed: true From 87ce1567a59af32e9433e1631c6c9ff279e15135 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:34:49 +0000 Subject: [PATCH 6/9] 3 images --- .github/workflows/image-scan.yaml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 31a948a..163f2f8 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v3 ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: Nginx uses: aquasecurity/trivy-action@master with: image-ref: 'nginx:alpine' @@ -25,3 +25,21 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Wordpress + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Mysql + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:latest' + format: 'table' + exit-code: '0' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' From 6cebc9bf0cb1b62690f37673a219a89531d5963a Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:54:30 +0000 Subject: [PATCH 7/9] pr --- .github/workflows/image-scan.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 163f2f8..7d5e6b8 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,8 +9,8 @@ on: jobs: scan: name: Scan Docker Image - #runs-on: [runner-2, self-hosted] - runs-on: ubuntu-latest + runs-on: [runner-2, self-hosted] + #runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -43,3 +43,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Test + run: | + ls + shell: bash From 3accc9f69862451e920f07907fafc8acf3c45324 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:59:19 +0000 Subject: [PATCH 8/9] user-8 wp pr --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 7d5e6b8..315ca33 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -21,7 +21,7 @@ jobs: with: image-ref: 'nginx:alpine' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -30,7 +30,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -45,5 +45,5 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - ls + docker ps shell: bash From c231f80b22cba29430dce62d1d7c8d125904fa34 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:20:43 +0000 Subject: [PATCH 9/9] user-8 wp pr with docker compose --- .cache/ans/single/compose.yaml | 6 +++--- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..404f6fa 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user-8-t1-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user-8-t1-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user-8-t1-mysql environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 315ca33..ee0fcf9 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -45,5 +45,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - docker ps + cd .cache/ans/single/ + docker compose up -d shell: bash