From 789587b8beb5c8b0bdbe190ac08a9ce8f59dc9df Mon Sep 17 00:00:00 2001
From: Jerry0807
Date: Fri, 5 Jul 2024 05:26:15 +0000
Subject: [PATCH 1/5] push 1
---
 .github/workflows/.image-scan.yaml.swj | Bin 0 -> 12288 bytes
 .github/workflows/.image-scan.yaml.swk | Bin 0 -> 12288 bytes
 .github/workflows/.image-scan.yaml.swl | Bin 0 -> 12288 bytes
 .github/workflows/.image-scan.yaml.swn | Bin 0 -> 12288 bytes
 .github/workflows/.image-scan.yaml.swp | Bin 0 -> 12288 bytes
 .github/workflows/image-scan.yaml | 8 ++++----
 6 files changed, 4 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/.image-scan.yaml.swj
 create mode 100644 .github/workflows/.image-scan.yaml.swk
 create mode 100644 .github/workflows/.image-scan.yaml.swl
 create mode 100644 .github/workflows/.image-scan.yaml.swn
 create mode 100644 .github/workflows/.image-scan.yaml.swp
diff --git a/.github/workflows/.image-scan.yaml.swj b/.github/workflows/.image-scan.yaml.swj new file mode 100644 index 0000000000000000000000000000000000000000..3adeeb116c65288e57158c650380832809621cff GIT binary patch literal 12288 zcmeI2&1zFY6vwAla8(uEiO6WhZaTS5i$yPp)d)6VH?>u;h)izIZN}a^lg>xdY!qB5 zZd|%jpQ2A7zJ*H#1z*B5$+d<;q+9h2{J9_VpY!p%tB})Lc+gzq*K2i#>oj9O@>h8S zF0iu%>K^T(AL?WNLaE+F&4!UXrTDqzw!*$%q<#_qU|=_a*pz?scQpS783%}Ya&1djz%E(TwI&kTw1Iz!~?UJF7mTyHjj3eTtt8f5CI}U z1c(3;AOb{y2>cTSe0PdH$4-t_-JGkgQ-`kABVC995g-CYfCvx)B0vO)01+SpM1Tko zfxnP|Y%_LYhOrN*`2YW}-~ZoFG4>7h1@#&A3AK-Uk9voCi+Y2ys5R7W)D_fm)HG`U zBx5g84^d6jGU_~P8ub-(eXMf6ht$XvU&AY2}?Dy$jD75f{E}+S{`9igXtpdh(1VG;BbNz!TeH`UZ51w%1+ofFY2I(LRv4O-})f)(z zd1drUDV+yf*#+0K#4PJU^Nr}@u_Lgur3yUB<2X1zR_P<@SRheuSyJ!}Fi8Q$8UoiIA( zTX+{|;uq(+gCZ9lgRb`Dp=s3Tee8$d8P3AF`5 z%9{KdY44pS-f|N)u7{mJj#MkhgaWhVsq=;}a6c@2#F01`j~ zNB{{S0VIF~kN^_+CkVJ=i9Cl&PL0C=r!mFWI)@XyP#Fj8PI9a z@d_a?L61N!&?@L0=o`fO0D4!(d=cW}Kmter2_OL^fCP{L5JJH#DUU=M_y&(karX6jOQ~K z@I&FERCmJ#joEXVHaT;!>R3ne*_~-)w&7V)&Bt~i6K$AGXDlOVO5W;={8hy%W&4sd8CI?CM2&2Rd{E~e6o|wY@GIZ+SlG~4malVYnD4SpquPL z5s=B`(RgJetrEHqPoXD%y+$pUS=7_u>OP*Brgc7qdg#4LFFb99hIiNtH74Y#?!a{u sD|}N0sQ|@&nnRa84L1~C$|r^oJhyHdc7e^pw}4~_nMRxqMnib=9m~@Bg#Z8m literal 0 HcmV?d00001 
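Review bot: Vim swap files do not belong in the repository: `.image-scan.yaml.swj` here, `.swk`, `.swl`, `.swn` and `.swp` in the same patch, and `.swi`, `.swm`, `.swo`, `.swg` and `.swh` in patches 2/5 and 3/5 are editor recovery state committed by accident. A swap file records the editing user, host name and file path together with buffer text that may never have been meant for commit, and it stays readable in history after it is deleted from the tree. Remove them with `git rm --cached`, add a pattern such as `.*.sw?` to `.gitignore`, and close the stale editor sessions on `image-scan.yaml` that keep producing new ones.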
diff --git a/.github/workflows/.image-scan.yaml.swl b/.github/workflows/.image-scan.yaml.swl new file mode 100644 index 0000000000000000000000000000000000000000..990612f89769cd85ba8289255c817b6cf3174c7f GIT binary patch literal 12288 zcmeI2O=}ZD7{{lz;HfHl6Az;md+B786j2w%Y6Kgxm)eR@L}oX$$(Y@l?YyMTML|Sw z9zE&Z573X`$&+`F9#s4iK9g){C`5WypMgL7GXHsAetQaelKP|e2E9>h5Ljmj`IWuN zTH-SKvVD?xD-3H~4Lg5asaB3l1?F6&&Kohq{k#eob#&SX_ntO=+tX!K>q^)2NfcgW zx!$vpEO=Kin{rhf@*JcwU00|%gB!C2v01`j~NB{{S0VIF~ zkicI^fOiO4SR~{XDE$9F`ThUnG$G$X-#}kMpFjto51{v;cc8Z*1KI%H0bKztfKGr8 zP7(4N^cZv>bOAIE`U!bHgFaR{UxvK6kN^@u0!RP}AOR$R1dsp{Kmz{<0eZNs7ziWX zFs93`&GuHib^F1}di&n`GCA}Ne6E-qmI6%LuH-T?+zh83va7Ta%&Sc9i%v|P@nR}~ z*q4r_x)TC4rq5;C6x_jE$CF%4?~KQ>jmTirCtf)p%c7LF$C`B*D81I0in9l^-0>tG zOnlpz@?FoZNPTE6az+k@jHga&wN`NJgsI$&DqcWUn_kha;G&^dVR#~QI7!1eI6PMF zCE9bYv~d)Tr^jolE~1&4Zb45sjo_U^Fg;+I%*B#arFWK0YNb`NqsnZQ_C(s(-mMK* zkJQ(yc4&Y&+Jh#blF_a4$}+8Dx&wD%Cce2st;jRh)8Ohn8JWg?K7@Yg-O(&OZHIw( z*b6 zP7(3~^a#`ewLs@V1oRnleW-Fi_jz$40VIF~kN^@u0!RP}AOR$R1pW^K^pDH%5!b>_ zBD&JB+1^^rg}~a55G9ycbcc9iIun z_k|4-)$;+Gv*%K!b7tYKWpT!5ccxR?nx_#x3^ayO?&$CdCcaHX*`8yDC(ic}S}jJC zfF)Kaxt=p)xvuO1l`Mz!T_@?5cTwLI*DMwpoTPpn93CrojSj3WOcaLG>G4LQ@^E3M zTTuK>%~>z!ff@y=$aqc2!dXM+i!CcNVKU&!P&vCkYR%Qxu6C%WRqjC(P)T{Koiu@x z5#511KNG)Jr-o-~Fi_y?JuXetJ|93o^lmu|Pdk3#9rk>W5!qESge$G^86}hg6nAJ2 jQ})zHC|s63(R|NwW2b2s*bICND29+}#@S@lrzbxE8R+%X literal 0 HcmV?d00001 
diff --git a/.github/workflows/.image-scan.yaml.swp b/.github/workflows/.image-scan.yaml.swp new file mode 100644 index 0000000000000000000000000000000000000000..1e464849065497c8ff61c33096c6deeba699bdcf GIT binary patch literal 12288 zcmeI2J!=#}7{@0f*cc<)r5cTpCVP9A;M+nl;RJK2g)y-SBC~t5xk+YcHuG|qvrtGQ zSZVDS$Vag8Ggw-fZ(uE2`pn*X9D$RxhG*c!?>-jVe z4|1soHWmfj<&n*pY7AK+rv${uNB{|(jevJ~bZ>ThWx3T12NrJLpx3W$pY1HVkN^@u z0!RP}AOR$R1dsp{I2Qz5IYZt;Cl~5&=IiUsscZccFGv6hAOR$R1dsp{Kmter2_OL^ zfCP}he@K9J3Hf!Ikijez5C8xF{r*3hBjh{i8|W+OGw2xf5%dA{9&`lCLF=G9pn1^m zD-aKK40;WE3|a-vfqp`c6VMmXCs4?F1j2;`kN^@u0!RP}AOR$R1dsp{IL8F&cv;@( zMz~=@7u%bitxkLW$3)<8$rpqwy|d(Wu~lU@&U!rC*WRu5 zS5DQ}u6JmlSnWX*P)T)byt0v23EhFaFbBW9L@k$j)YIVVzN}26KA%HB^kFssPCH@9 z9ri+x3E9&rgsZIZdKHuc6nAI=ll3%2D7}=g3_tMPx>4FGHVf|piXo&J+5?$r!!pT7 L*(VdzPzw12iSPk+ literal 0 HcmV?d00001 diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..f707034 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,18 +9,18 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: [ubuntu-latest] steps: - name: Checkout code uses: actions/checkout@v3 - # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs + ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From a641709deec03bdad1517afa6cebea47445fc44b Mon Sep 17 00:00:00 2001 
From: Jerry0807 Date: Fri, 5 Jul 2024 05:33:46 +0000 Subject: [PATCH 2/5] push 2 --- .github/workflows/.image-scan.yaml.swi | Bin 0 -> 4096 bytes .github/workflows/.image-scan.yaml.swm | Bin 0 -> 12288 bytes .github/workflows/.image-scan.yaml.swo | Bin 0 -> 12288 bytes .github/workflows/image-scan.yaml | 2 +- 4 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 .github/workflows/.image-scan.yaml.swi create mode 100644 .github/workflows/.image-scan.yaml.swm create mode 100644 .github/workflows/.image-scan.yaml.swo diff --git a/.github/workflows/.image-scan.yaml.swi b/.github/workflows/.image-scan.yaml.swi new file mode 100644 index 0000000000000000000000000000000000000000..e35d229a33423248622e8683ebf4c56aa09fb9c1 GIT binary patch literal 4096 zcmYc?2=nw+u+%eT00IF9hCeOsX+lLR3~T0aFq9Uj7U>$Af@JW54OB)a`MZI^)qu5(^GYelN0mw zDid>aa2Pl$JQ@O{AwXORl$NCFTJVM%8yOmaG$<=6DhLaO5~p`m)o2KehQMeDjE2By V2#kinXb6mkz-S1JhQP200RW3lDZu~$ literal 0 HcmV?d00001 
diff --git a/.github/workflows/.image-scan.yaml.swm b/.github/workflows/.image-scan.yaml.swm new file mode 100644 index 0000000000000000000000000000000000000000..0ef0f56df88027bfa0190de474f10802ffe8edf4 GIT binary patch literal 12288 zcmeI2&ubGw6vwAMd8ta(iz19h=%t%&EJa-qs}XEKFa05isLXC=lQFw9oB5G+FM1Kg zi$^co|H6Mj=zrm{2mK>F_$FC(38eI@zJV{x&V1jz_dYp=eev4k&LeuO*&?vc67u8C z+jLo9BlkX@BF=Cfv^M<7u`5y1G9kg7@x(gK=eS>07lvJx48T2BdSLph2%9}&`z{Xs zMw+Ry2}RC&JTM89&64HWoC|Rq2_S)!5pXsQZZ7SuUvI7XfX3A;^xX2^$zsuk1dsp{ zKmter2_OL^fCP}hKS9723*Ux&S&4 zIy?;?P!IG3v;n#VS_Bg z8PS#Yc4xQKzWZ=>tMg!Mh5U&cxl9JOEI62ySh{D=gh*cWpT#qC(}7?%~LqcOEb(OrCCzIJua&#epnYo#6NTY) zoV=N+Je-^A4)k(cbJopyphiI|GTsofaMqC7YA20bRJ+Z=%C?PXYdrEVdvZwxr d!e!YD&4-Q~JIyl3W`I3pCS;nio{akRvMZL|@@ z#xfvkaIpc|Sn$K}RsV@xsDj9)$s`SVVRS~ua!VX;= z`i(SGQxl4u4R~M@Cfg;;vpE;yHWEMrMTW|9|-Xe{hPBub?lW&!7*W_n^0+H=upcOOOU7pnISzpk>fm z(5I7xyar{UhoA^VLB~M{kn3Ze^M%ig0|_7jB!C2v01`j~NB{{S0VMEW5ukq@hEKQ_ zwv6a%ce}UK>t4ULw$;12wMu@5PFyAfTNWHl%B*D~)=Za8hZsnudEjI!_IN*{Ry*Ff zfbR(#B&zQ(=rrR}rE_Ls*RnX{&6BEGTk{kS^U{p7NNJWdJyYoKj(#M8HgFSBHg?SL z#QBOstHq=YSYm~en>jO<>)IYr$#Qtiwv%+nyQnXbYZi+PBB}2Yhh^<vO57Z<`MaEk~7S0;@TCGR@+S$`gm<)L`QqFEpHfqP=1H1JJ z_3&nAPzAiCwrM9#pk%eIO1cA2r#EK3@U-U}-ofh2iO6FWL*OhDem@CG0oZ+-Lzg{$ f0NaJjvPYVa9XGbRagNOZcAu0~8Jo$dPfxxBd*$>f literal 0 HcmV?d00001 diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index f707034..4b19748 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [ubuntu-latest] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 From b39a6fe5aa5e2e2f595cececa08ad4485d2924a3 Mon Sep 17 00:00:00 2001 
From: Jerry0807 Date: Fri, 5 Jul 2024 05:49:37 +0000 Subject: [PATCH 3/5] push 3 --- .github/workflows/.image-scan.yaml.swg | Bin 0 -> 4096 bytes .github/workflows/.image-scan.yaml.swh | Bin 0 -> 12288 bytes .github/workflows/image-scan.yaml | 39 ++++++++++++++++++------- 3 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/.image-scan.yaml.swg create mode 100644 .github/workflows/.image-scan.yaml.swh diff --git a/.github/workflows/.image-scan.yaml.swg b/.github/workflows/.image-scan.yaml.swg new file mode 100644 index 0000000000000000000000000000000000000000..1c04309f5d51239deb98d8d0a3d89053519d9d75 GIT binary patch literal 4096 zcmYc?2=nw+u+%eT00IFJ0Rf$-IT%WdQ;T#BO<_Vf>E!&plElnBpyHg=e6Vp?5i<1-c^ePi`b8r|q zDm)qjqai>-2=Fo(8yOmaG$<=6DhLaOlAw1~>1YUyhQMeDjE2By2#kinXb6mkz-S1J JhQLq{0RWc!B(DGf literal 0 HcmV?d00001 diff --git a/.github/workflows/.image-scan.yaml.swh b/.github/workflows/.image-scan.yaml.swh new file mode 100644 index 0000000000000000000000000000000000000000..22dba3b968ab4f9284dc57b5be52cef981861336 GIT binary patch literal 12288 zcmeI2ziSjh6vro4HZeg##A@_}G}+snLC^&;62Y8k6B8Q|ncbVst=XNqn;(~4qm|f+ zB8Y|l5rSYN*x2|t2sRe_PY8bJZjEQ)B(3@ezAQWMJM-TAY<1jAmu|Ih@C(fr!>Y5g-CYfCvzQe}aJP&9DdPwsUkP*Ntm={Y%S7zJVyOqK6zUo%% z2nV@Q2pyn`+GV`5kyZ)!saMWNrEt=^QE=ScO*Fx;jAr3^I}E%d78*;~J)Pp3kriK3 pp#s!%n^%~!=XbE(^JRJ0$iByg<8)JO79Rj5FgDIOnT&_@><5~__DcW& literal 0 HcmV?d00001 diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 4b19748..fddfab5 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml 
@@ -1,26 +1,43 @@
 name: Docker Image Scan
-
-on:
+'on':
 push:
- branches: [ main ]
+ branches:
+ - main
 pull_request:
- branches: [ main ]
-
+ branches:
+ - main
 jobs:
 scan:
 name: Scan Docker Image
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
-
- ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: 'mysql:oracle'
- format: 'table'
- exit-code: '1'
+ image-ref: 'nginx:latest'
+ format: table
+ exit-code: '0'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ' wordpress:latest'
+ format: table
+ exit-code: '0'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'mysql:8'
+ format: table
+ exit-code: '0'
 ignore-unfixed: true
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
+
From 00cdbbcd7641052b932dcc8c15f27477af5d77fd Mon Sep 17 00:00:00 2001
From: Jerry0807
Date: Fri, 5 Jul 2024 05:53:33 +0000
Subject: [PATCH 4/5] push 4
---
 .github/workflows/image-scan.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index fddfab5..ce86606 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -9,7 +9,7 @@ name: Docker Image Scan
 jobs:
 scan:
 name: Scan Docker Image
- runs-on: ubuntu-latest
+ runs-on: [runner-1,self-hosted]
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
@@ -34,7 +34,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: 'mysql:8'
+ image-ref: 'mysql:latest'
 format: table
 exit-code: '0'
 ignore-unfixed: true
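Review bot: Setting `exit-code: '0'` on all three Trivy steps in the `@@ -1,26 +1,43 @@` hunk makes the job pass even when CRITICAL or HIGH findings are reported, so the scan no longer gates pushes and pull requests to main; keep `exit-code: '1'` if the workflow is meant to block. The second step's `image-ref: ' wordpress:latest'` has a leading space inside the quotes and will most likely be rejected as an image reference; it should read `image-ref: 'wordpress:latest'`. The two added steps also use `aquasecurity/trivy-action@master`, a mutable branch, where `aquasecurity/trivy-action@<full-commit-sha>` would stop an upstream change from running unreviewed in this job. Since all three steps are named "Run Trivy vulnerability scanner", putting the image in each name would make the run log readable.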
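Review bot: `runs-on: [runner-1,self-hosted]` in the `@@ -9,7 +9,7 @@` hunk of patch 4/5 moves a job that triggers on `pull_request` onto a self-hosted runner, so code and workflow changes proposed in a pull request execute on that machine. If the repository is public or accepts pull requests from forks, that gives people outside the team code execution on a host that keeps state between jobs. Keep this job on `runs-on: ubuntu-latest`, or restrict the self-hosted variant to `push` on main and require approval for fork pull requests; an ephemeral runner is the safer form if the self-hosted one has to stay. The `scan` job continues outside this hunk.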
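Review bot: `image-ref: 'mysql:latest'` in the `@@ -34,7 +34,7 @@` hunk replaces a major-version tag with a floating one, so what gets scanned can change from run to run without any change in this repository; the same applies to `image: mysql:latest` in the compose.yaml hunk of patch 5/5. Pinning both to one specific version, or to a digest in the form `mysql@sha256:<digest>`, keeps the scanned image and the started image identical and makes a finding reproducible. The step's `with:` block continues past the end of the hunk.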
From 334ccf4475b05ccad48f22d665779795f99fb55f Mon Sep 17 00:00:00 2001 From: Jerry0807 Date: Fri, 5 Jul 2024 06:25:23 +0000 Subject: [PATCH 5/5] push 5 --- .cache/ans/single/compose.yaml | 8 ++++---- .github/workflows/image-scan.yaml | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..0116036 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user-15-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user-15-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -42,8 +42,8 @@ services: restart: unless-stopped db: - image: mysql:8 - container_name: db + image: mysql:latest + container_name: user-15-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index ce86606..480abc5 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -40,4 +40,10 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Test + run: + cd .cache/ans/single + docker compose up -d + shell: bash +
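Review bot: The added `Test` step in image-scan.yaml writes `run:` as a plain multi-line scalar, which YAML folds into the single command `cd .cache/ans/single docker compose up -d`, so the step most likely fails or never starts the project; use a literal block, `run: |`, with the two commands on their own lines beneath it. Indentation is not visible in this rendering, so confirm against the file. Once it does run, `docker compose up -d` leaves the containers and their published ports up on the self-hosted runner after the job ends, on every push and pull request; add a last step with `if: always()` that runs `docker compose down` in the same directory. The compose file it starts carries `MYSQL_ROOT_PASSWORD: examplepass` in its environment block, so the database comes up on that host with a known credential unless the value is supplied from a secret instead.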