From 0750f0826e4bdb4c2651c2b3a33a053ddae6c169 Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 05:08:35 +0000 Subject: [PATCH 1/8] update --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..12400dd 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 27be852c2eab02daa06188fff1cea49cd702cb96 Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 05:22:31 +0000 Subject: [PATCH 2/8] docker-scan --- .github/workflows/image-scan.yaml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 12400dd..62f265f 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -15,10 +15,28 @@ jobs: uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: nginx uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: wordpress + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: mysql + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:8' format: 'table' exit-code: '1' ignore-unfixed: true From 97ed63eb7a8b994e66d1405785c0a25033d9523b Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 05:34:03 +0000 Subject: [PATCH 3/8] docker-scan-1 --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 62f265f..ad0f574 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -38,7 +38,7 @@ jobs: with: image-ref: 'mysql:8' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From 149becea862f061c9b712983715f61c4c9034888 Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 05:53:31 +0000 Subject: [PATCH 4/8] docker-scan-2 --- .github/workflows/image-scan.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index ad0f574..8ffa475 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: [runner-2, self-hosted] steps: - name: Checkout code uses: actions/checkout@v3 @@ -42,3 +42,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Test + run: + docker ps + shell: bash From 69333da404d47a5fbbdfcc4eff76a4e597a190ff Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 05:59:35 +0000 Subject: [PATCH 5/8] docker-scan-3 --- .github/workflows/image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 8ffa475..df3d2f3 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -20,7 +20,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' @@ -29,7 +29,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' From d8eeb0464a15075225a08cd8a73900e37f0022ec Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 06:16:40 +0000 Subject: [PATCH 6/8] docker-scan-4 --- .cache/ans/single/compose.yaml | 6 +++--- .github/workflows/image-scan.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..6e0e480 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user-11-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user-11-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user-11-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index df3d2f3..c13d258 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -44,5 +44,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: - docker ps + cd .cache/ans/single + docker compose up -d shell: bash From e53bd80c38487841e0f8ea00d337d15177a3f9ce Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 06:22:08 +0000 Subject: [PATCH 7/8] docker-scan-5 --- .cache/ans/single/compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index 6e0e480..556f02e 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: user-11-nginx + container_name: user-11-1234123-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: user-11-wordpress + container_name: user-11-1234123-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: user-11-db + container_name: user-11-1234123-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb From 4cbde66bd2546998636c35e14b697bfa08da4998 Mon Sep 17 00:00:00 2001 From: kuoricky22 Date: Fri, 5 Jul 2024 06:25:55 +0000 Subject: [PATCH 8/8] docker-scan-6 --- .github/workflows/image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index c13d258..0d72cd9 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -43,7 +43,7 @@ jobs: vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - name: Test - run: + run: | cd .cache/ans/single docker compose up -d shell: bash