From de69d8a2c817a2cbcb0d2ac53ae4074c4fbff021 Mon Sep 17 00:00:00 2001 From: yau Date: Fri, 5 Jul 2024 05:27:51 +0000 Subject: [PATCH 1/5] test --- .github/workflows/image-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dd9a342..6f6db8c 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,7 +9,7 @@ on: jobs: scan: name: Scan Docker Image - runs-on: [runner-2, self-hosted] + runs-on: ubuntu:latest steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,9 +18,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ubuntu:impish-20210711' + image-ref: 'mysql:oracle' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From a9bf0119f651bb398475b9d85cc3af5995c5cd3e Mon Sep 17 00:00:00 2001 From: yauyau93 Date: Fri, 5 Jul 2024 14:08:08 +0800 Subject: [PATCH 2/5] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 33 ++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index 6f6db8c..dcdc400 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -9,18 +9,41 @@ on: jobs: scan: name: Scan Docker Image - runs-on: ubuntu:latest + runs-on: [runner-10, self-hosted] + #runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 - # https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs - - name: Run Trivy vulnerability scanner + ## https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs + - name: Nginx uses: aquasecurity/trivy-action@master with: - image-ref: 'mysql:oracle' + image-ref: 'nginx:alpine' format: 'table' - exit-code: '1' + exit-code: '0' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Wordpress + uses: aquasecurity/trivy-action@master + with: + image-ref: 'wordpress:latest' + format: 'table' + exit-code: '0' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Mysql + uses: aquasecurity/trivy-action@master + with: + image-ref: 'mysql:latest' + format: 'table' + exit-code: '0' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Test + run: | + docker ps + shell: bash From e736186825376dd3845818c379d114170f4a1051 Mon Sep 17 00:00:00 2001 From: yauyau93 Date: Fri, 5 Jul 2024 14:25:39 +0800 Subject: [PATCH 3/5] Update compose.yaml --- .cache/ans/single/compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index babe355..404f6fa 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: nginx + container_name: user-8-t1-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: wordpress + container_name: user-8-t1-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: db + container_name: user-8-t1-mysql environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb From 9a17bd8b48d355b3a532a911895024870bc11e54 Mon Sep 17 00:00:00 2001 From: yauyau93 Date: Fri, 5 Jul 2024 14:26:36 +0800 Subject: [PATCH 4/5] Update image-scan.yaml --- .github/workflows/image-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml index dcdc400..21fa080 100644 --- a/.github/workflows/image-scan.yaml +++ b/.github/workflows/image-scan.yaml @@ -45,5 +45,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Test run: | - docker ps + cd .cache/ans/single/ + docker compose up -d shell: bash From 7fd8b3142d37667037ad27d9f784fc637e9a9010 Mon Sep 17 00:00:00 2001 From: yauyau93 Date: Fri, 5 Jul 2024 14:27:46 +0800 Subject: [PATCH 5/5] Update compose.yaml --- .cache/ans/single/compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cache/ans/single/compose.yaml b/.cache/ans/single/compose.yaml index 404f6fa..35e86fa 100644 --- a/.cache/ans/single/compose.yaml +++ b/.cache/ans/single/compose.yaml @@ -1,7 +1,7 @@ services: nginx: image: nginx:latest - container_name: user-8-t1-nginx + container_name: user-10-tt-nginx volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro ports: @@ -21,7 +21,7 @@ services: wordpress: image: wordpress:latest - container_name: user-8-t1-wordpress + container_name: user-10-tt-wordpress environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: exampleuser @@ -43,7 +43,7 @@ services: db: image: mysql:8 - container_name: user-8-t1-mysql + container_name: user-10-tt-mysql environment: MYSQL_ROOT_PASSWORD: examplepass MYSQL_DATABASE: exampledb