From 7d92584ee2b70af7d199d1793343c8b86d4af9c5 Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:15:47 +0800 Subject: [PATCH 1/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..258762c 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:orcle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 2847479d58faf59c8bd25e1ca76c00eec3ef37ec Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:24:40 +0800 Subject: [PATCH 2/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 258762c..4d17e39 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -15,10 +15,28 @@ jobs: uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: Nginx uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:orcle' + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Wordpress + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: MySQL + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:8' format: 'table' exit-code: '1' ignore-unfixed: true From da6948785539317c2f16f90c71ab15b5ac6e2869 Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:33:34 +0800 Subject: [PATCH 3/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 4d17e39..466cab4 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -38,7 +38,7 @@ jobs: with: image-ref: 'mysql:8' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From 5d5371816edc9b760cee21e2ce55fc4334c356ad Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:49:50 +0800 Subject: [PATCH 4/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 466cab4..c29b1e9 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: [runner-2, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 From 7bb8c2de8e6ef21436e94a8dbd2661316a0fa420 Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:59:59 +0800 Subject: [PATCH 5/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index c29b1e9..993b5fd 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -20,7 +20,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -29,7 +29,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -42,3 +42,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Test + run: | + docker ps + shell: bash From 385649c9f245181ea40511beccc7463d940b7730 Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:14:47 +0800 Subject: [PATCH 6/9] Update compose.yaml --- .cache/ans/single/compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..3b1047c 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user-13-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user-13-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user-13-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb From 7918673a579c6d4d7591fcb46671cb72072aa53a Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:17:15 +0800 Subject: [PATCH 7/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 993b5fd..1137298 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -44,5 +44,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - docker ps + cd ./.cache/ans/single + docker compose up -d shell: bash From 13f18a2b4d020810308169588bd946d34199cfbe Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:20:22 +0800 Subject: [PATCH 8/9] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 1137298..4032ddb 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -44,6 +44,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - cd ./.cache/ans/single + cd .cache/ans/single docker compose up -d shell: bash From cf4a358a573f16c952b07079a1ea6d40fa3ad592 Mon Sep 17 00:00:00 2001 From: s8911407 <123718996+s8911407@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:31:48 +0800 Subject: [PATCH 9/9] Update compose.yaml --- .cache/ans/single/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index 3b1047c..208dad7 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -5,7 +5,7 @@ services: volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: - - '12345:80' + - '8013:80' depends_on: - wordpress logging: