From 4b3ff5b744f74dae0aed4d62bd22997cfc9e35e1 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:11:25 +0000
Subject: [PATCH 01/13] test
---
.github/workflows/image-scan.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index dd9a342..e05a17d 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3
@@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH'
From 772a610f004d29ba98be82a903f518db142f0153 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:21:18 +0000
Subject: [PATCH 02/13] test2
---
.github/workflows/image-scan.yaml | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index e05a17d..d9559d5 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
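Review bot: `image-ref: 'mysql:oracle'` on the new side of the second hunk is a floating tag, so the scan result depends on whatever the registry serves at run time and two runs of the same commit can disagree; pin the reference to a digest (`mysql:oracle@sha256:<DIGEST>`) or at least record the digest Trivy resolved in the job output. The same mutability applies to the unchanged `uses: aquasecurity/trivy-action@master` line in this hunk: a third-party action tracked at `master` runs whatever that branch contains when the job starts, so pin it to a release tag or a commit SHA. The `actions/checkout@v3` reference in the first hunk is a moving major tag too, though a far smaller risk than `@master`.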
@@ -18,7 +18,25 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:8' format: 'table' exit-code: '1' ignore-unfixed: true
From 09595e252d3bcbc04f46f7b02bd7502767dba790 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:25:26 +0000
Subject: [PATCH 03/13] test3
---
.github/workflows/image-scan.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index d9559d5..7cad287 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -9,12 +9,12 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu-latest + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 - # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs + ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with:
From 996d14260f2fae35ed8ab0a5e4f300c43e9fb17d Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:38:18 +0000
Subject: [PATCH 04/13] test
---
.github/workflows/image-scan.yaml | 18 +----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index 7cad287..25a2577 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
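Review bot: The three added scan steps each keep `exit-code: '1'`, so the first step that finds a CRITICAL/HIGH vulnerability fails the job and the remaining images are never scanned; add `continue-on-error: true` to each Trivy step so every image is reported in one run (and check the step outcomes afterwards), or move the three `image-ref` values into a `strategy.matrix` with `fail-fast: false`. All three steps also carry the identical name `Run Trivy vulnerability scanner`, which makes the job log unreadable per image; `Trivy scan: nginx` and so on would fix that. The hunk in PATCH 06 re-adds the same three steps and has the same two issues.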
@@ -18,7 +18,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'nginx:latest' + image-ref: 'mysql:latest' format: 'table' exit-code: '1' ignore-unfixed: true
@@ -26,19 +26,3 @@ jobs: severity: 'CRITICAL,HIGH' - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master - with: - image-ref: 'wordpress:latest' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'mysql:8' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH'
From 7fa77df7c884f27ae1c6fc99a42e9262c1c0dad3 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:41:25 +0000
Subject: [PATCH 05/13] 1
---
.github/workflows/image-scan.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index 25a2577..5e33e08 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -14,7 +14,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs + # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with:
From bc168f1fce781c6909c5a1c6ed53c3a7de963780 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:47:00 +0000
Subject: [PATCH 06/13] TTT
---
.github/workflows/image-scan.yaml | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index 5e33e08..3bc9356 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -18,11 +18,27 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:latest' + image-ref: 'nginx:latest' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:8' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH'
From d49243194d879e847c0c9b55f0aa318a7a1e32d2 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:55:38 +0000
Subject: [PATCH 07/13] 2
---
.github/workflows/image-scan.yaml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index 3bc9356..ba6e4ca 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -9,13 +9,14 @@ on: jobs: scan: name: Scan Docker Image + #runs-on: [runner-2, self-hosted] runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + - name: nginx uses: aquasecurity/trivy-action@master with: image-ref: 'nginx:latest'
@@ -24,7 +25,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: wordpress uses: aquasecurity/trivy-action@master with: image-ref: 'wordpress:latest'
@@ -33,7 +34,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name: Run Trivy vulnerability scanner + - name: mysql uses: aquasecurity/trivy-action@master with: image-ref: 'mysql:8'
@@ -42,3 +43,4 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name:
From 1f02d4251a525240cb8682d389ee0b9ebbbe1dff Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 05:57:09 +0000
Subject: [PATCH 08/13] 3
---
.github/workflows/image-scan.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index ba6e4ca..f6a09ff 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -43,4 +43,3 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - - name:
From 91474940db98ce43e2f0fefe0a8497713603f3bf Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 06:01:45 +0000
Subject: [PATCH 09/13] user-4
---
.github/workflows/image-scan.yaml | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index f6a09ff..cb7d0f3 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -9,8 +9,8 @@ on: jobs: scan: name: Scan Docker Image - #runs-on: [runner-2, self-hosted] - runs-on: ubuntu-latest + runs-on: [runner-2, self-hosted] + #runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3
@@ -43,3 +43,8 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + + - name: Test + run: | + docker ps + shell: bash
From b2ae24d347434a36bb03086658fa811c7f7a8208 Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 06:04:39 +0000
Subject: [PATCH 10/13] 4
---
.github/workflows/image-scan.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
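Review bot: The `- name:` added at the end of the steps list in the third hunk of PATCH 07 is a step with a null name and neither `run` nor `uses`, which GitHub's workflow validator rejects, so the job cannot start with this commit applied; PATCH 08 deletes the line again, but leaving a known-broken intermediate commit in the series makes bisecting the branch painful. The first hunk of the same patch also introduces `#runs-on: [runner-2, self-hosted]` as commented-out configuration beside the live `runs-on:`, which is a toggle-by-comment that will drift; keep one value. The step renames to bare `nginx`, `wordpress` and `mysql` drop the word that says what the step does — `Trivy scan: nginx` keeps both.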
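Review bot: PATCH 09 moves the job onto `[runner-2, self-hosted]` and its new `Test` step talks to that host's Docker daemon (`docker ps`), so anyone who can trigger this workflow gets code execution with Docker access on a persistent machine; the `on:` trigger block is above this hunk and not visible here, so confirm it is limited to pushes on trusted branches, or that `pull_request` runs from forks require approval, before a self-hosted runner is used. The switch also leaves `#runs-on: ubuntu-latest` as dead commented-out config in the first hunk of the patch; delete it rather than keeping both values. A one-line `docker ps` step named `Test` says nothing about intent; if it is a runner health check, name it `Check Docker daemon is reachable`.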
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index cb7d0f3..3511bf4 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -21,7 +21,7 @@ jobs: with: image-ref: 'nginx:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH'
@@ -30,7 +30,7 @@ jobs: with: image-ref: 'wordpress:latest' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH'
@@ -39,7 +39,7 @@ jobs: with: image-ref: 'mysql:8' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH'
From d6ca4420b43b0a0dec5839c0ae3a6632b60bcc4e Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 06:19:08 +0000
Subject: [PATCH 11/13] 4
---
.cache/ans/single/compose.yaml | 6 +++---
.github/workflows/image-scan.yaml | 3 ++-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml
index babe355..f4348ac 100644
--- a/.cache/ans/single/compose.yaml
+++ b/.cache/ans/single/compose.yaml
@@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user4-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports:
@@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user4-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser
@@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user4-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index 3511bf4..910f76f 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
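Review bot: Changing `exit-code` from `'1'` to `'0'` in all three Trivy steps of PATCH 10 turns the scan into a report-only step: CRITICAL/HIGH findings no longer fail the job, and the `Test` step that follows (added in PATCH 09) runs regardless of what the scan found. If the goal was to see all three reports in one run, keep `exit-code: '1'` and add `continue-on-error: true` to each step, then gate the later step on the step outcomes (`if: steps.<STEP_ID>.outcome == 'success'`). If the intent really is to stop gating, the job name `Scan Docker Image` and the `severity: 'CRITICAL,HIGH'` filter now promise a control that does not exist, and a commit titled `4` does not record that decision.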
@@ -46,5 +46,6 @@ jobs: - name: Test run: | - docker ps + cd .cache/ans/single/compose.yaml + docker compose up -d shell: bash
From 9bfc0c73068539618a9049df04fff917e102a63f Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 06:20:24 +0000
Subject: [PATCH 12/13] 4
---
.github/workflows/image-scan.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
index 910f76f..38234c3 100644
--- a/.github/workflows/image-scan.yaml
+++ b/.github/workflows/image-scan.yaml
@@ -46,6 +46,6 @@ jobs: - name: Test run: | - cd .cache/ans/single/compose.yaml + cd .cache/ans/single docker compose up -d shell: bash
From 9c124bc12bdc194f9850a895e73f5e4acea3b6af Mon Sep 17 00:00:00 2001
From: chaiyenhuang
Date: Fri, 5 Jul 2024 06:25:36 +0000
Subject: [PATCH 13/13] 4
---
.cache/ans/single/compose.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml
index f4348ac..01989d8 100644
--- a/.cache/ans/single/compose.yaml
+++ b/.cache/ans/single/compose.yaml
@@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: user4-nginx + container_name: user04-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports:
@@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: user4-wordpress + container_name: user04-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser
@@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: user4-db + container_name: user04-db environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb
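Review bot: `cd .cache/ans/single/compose.yaml` in the PATCH 11 workflow hunk targets a file, not a directory, so `cd` fails and — because `shell: bash` runs the script with `-e` — the step aborts before `docker compose up -d` ever runs; PATCH 12 corrects it to `cd .cache/ans/single`, which is what this commit should have carried. Splitting the compose renames and the broken workflow line into one commit titled `4` also hides that the workflow did not work at this point in the series. The step is still named `Test` although it now deploys a stack; `Deploy compose stack` would say what it does.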
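Review bot: In the PATCH 12 hunk, `docker compose up -d` after `cd .cache/ans/single` starts the stack from whatever `nginx:latest`, `wordpress:latest` and `mysql:8` images are already present on the self-hosted runner, which need not be the digests Trivy pulled and scanned earlier in the job; run `docker compose pull` first (or `docker compose up -d --pull always`), or pin the images by digest in both the workflow and the compose file, so the scanned image is the deployed image. The detached stack also stays running on the shared runner after the job ends, and the fixed `container_name` values (`user04-nginx` and friends in PATCH 13) will make the next run collide with or silently reuse the old containers; add a `docker compose down` teardown step guarded by `if: always()`, or use `--force-recreate`. The compose file's context lines still carry `MYSQL_ROOT_PASSWORD: examplepass`; once this stack runs on a real host that value should come from a secret or an untracked env file rather than committed YAML.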