From fb6c9ba2cabce28eba609126721db607ca5fc15c Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 03:27:43 +0000 Subject: [PATCH 1/9] scan mysql --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..68d4386 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 4ee25dbbe99b1e1862389aff3e6d7d64100952f4 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 03:35:16 +0000 Subject: [PATCH 2/9] wip --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 68d4386..462bb95 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,12 +9,12 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + #runs-on: [runner-2, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 - # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs + ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: From 74e615686bfd4411acd2451e1e9cb3f2d796e458 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 03:38:05 +0000 Subject: [PATCH 3/9] wip --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 462bb95..4b19748 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - #runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 From a20fd5bfce77c3ac6500188d58009200691b4bed Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:22:40 +0000 Subject: [PATCH 4/9] compose scan --- .github/workflows/image-scan.yaml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 4b19748..5bb0290 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -15,10 +15,28 @@ jobs: uses: actions/checkout@v3 ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: Nginx uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Wordpress + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: MySQL + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:latest' format: 'table' exit-code: '1' ignore-unfixed: true From 48f4d4365ea7c541d94f9499b57af11125d57f23 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:32:36 +0000 Subject: [PATCH 5/9] compose scan --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 5bb0290..d84855b 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 From 9b7167925a8bc91f2434308092eee823013a25f0 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:34:08 +0000 Subject: [PATCH 6/9] compose scan --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index d84855b..4d7b201 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -38,7 +38,7 @@ jobs: with: image-ref: 'mysql:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From 26b1625a78fb72f3fb19752bd1f7a4936092ef9e Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 05:49:34 +0000 Subject: [PATCH 7/9] user14 scan --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 4d7b201..56dd30e 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: [runner-2, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 From 20edbf2d50985e855aedba278a30e1d334bae808 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:00:55 +0000 Subject: [PATCH 8/9] user14 scan --- .github/workflows/image-scan.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 56dd30e..77718aa 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -20,7 +20,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -29,7 +29,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -42,3 +42,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Test + run: | + docker ps + shell: bash From e621e73ff0e36f85ac81021abe2841d83995a6c3 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jul 2024 06:21:14 +0000 Subject: [PATCH 9/9] user14 compose up --- .cache/ans/single/compose.yaml | 8 ++++---- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..07b06a1 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: razy-aginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: razy-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -42,8 +42,8 @@ services: restart: unless-stopped db: - image: mysql:8 - container_name: db + image: mysql:latest + container_name: razy-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 77718aa..a0e94ce 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -44,5 +44,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - docker ps + cd .cache/ans/single + docker compose up -d shell: bash