From f4f0ac696bd2f2a31639ed60bdcecbb6ba77233b Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:13:33 +0000 Subject: [PATCH 01/11] change --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..68d4386 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From e67912cda10529468faa60379756da9ecda2e36f Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:26:56 +0000 Subject: [PATCH 02/11] update yaml --- .github/workflows/image-scan.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 68d4386..b2671b8 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: ubuntu:latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,7 +18,21 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + image-ref: 'mysql:8' format: 'table' exit-code: '1' ignore-unfixed: true From 60d450693d41e413576ba5d92d15e712d021da39 Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:32:22 +0000 Subject: [PATCH 03/11] update yaml - 0 --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index b2671b8..947f2dc 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu:latest + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 From c30126c86fee64180cabb0dc83a388056b81169a Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:34:37 +0000 Subject: [PATCH 04/11] update yaml - 1 --- .github/workflows/image-scan.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 947f2dc..f04bdfc 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -24,17 +24,3 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - image-ref: 'wordpress:latest' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - - image-ref: 'mysql:8' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' From 32b0777e400f0e6903c8c31b2b3e97d32a6ea0df Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:35:42 +0000 Subject: [PATCH 05/11] update yaml - 2 --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index f04bdfc..94cefef 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,7 +18,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'nginx:latest' + image-ref: 'wordpress:latest' format: 'table' exit-code: '1' ignore-unfixed: true From f2d9d438997359103f7d5ed42e22a6453d3f242f Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:37:05 +0000 Subject: [PATCH 06/11] update yaml - 3 --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 94cefef..2c55847 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -18,7 +18,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'wordpress:latest' + image-ref: 'mysql:latest' format: 'table' exit-code: '1' ignore-unfixed: true From 3dda2f09c4c35f895212124a77d48effbf1c6670 Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:54:27 +0000 Subject: [PATCH 07/11] update yaml - 4 --- .github/workflows/image-scan.yaml | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 2c55847..4f6ad46 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,18 +9,41 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: [runner-3, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: Nginx uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:latest' - format: 'table' + image-ref: 'nginx:latest' + format: 'tablei' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Wordpress + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'tablei' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Mysql + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:8' + format: 'tablei' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Test + run: | + docker ps + shell: bash + From 245cb948e532d85bd5b48ec3d39c5a7e9872846b Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 05:59:47 +0000 Subject: [PATCH 08/11] update yaml - 5 --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 4f6ad46..f5e34e7 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -20,7 +20,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'tablei' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -29,7 +29,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'tablei' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -38,7 +38,7 @@ jobs: with: image-ref: 'mysql:8' format: 'tablei' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From b13c61cda5ee18e3c3e471d61787611c71f0c06f Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 06:09:50 +0000 Subject: [PATCH 09/11] update yaml - 6 --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index f5e34e7..f51978f 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -19,7 +19,7 @@ jobs: uses: aquasecurity/trivy-action@master with: image-ref: 'nginx:latest' - format: 'tablei' + format: 'table' exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' @@ -28,7 +28,7 @@ jobs: uses: aquasecurity/trivy-action@master with: image-ref: 'wordpress:latest' - format: 'tablei' + format: 'table' exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' @@ -37,7 +37,7 @@ jobs: uses: aquasecurity/trivy-action@master with: image-ref: 'mysql:8' - format: 'tablei' + format: 'table' exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' From 66e873d1e8edabbaf14b428ad6eab6d4006b0af1 Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 06:21:55 +0000 Subject: [PATCH 10/11] update yaml - 7 --- .cache/ans/single/compose.yaml | 6 +++--- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..ff1394e 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: Rick_nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: Rick_wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: Rick_db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index f51978f..ceceb80 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -44,6 +44,7 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - docker ps + cd .cache/ans/single + docker compose up -d shell: bash From 6a0c335c1b9ba5833c6675e2d903ce98ddb772f1 Mon Sep 17 00:00:00 2001 From: YouHow Date: Fri, 5 Jul 2024 06:26:03 +0000 Subject: [PATCH 11/11] update yaml - 8 --- .cache/ans/single/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index ff1394e..3725e15 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -5,7 +5,7 @@ services: volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: - - '12345:80' + - '8020:80' depends_on: - wordpress logging: