From d03f44714483741cb6f5075bb263a8ccbb95d440 Mon Sep 17 00:00:00 2001 From: agondo Date: Mon, 6 Jan 2025 13:21:35 -0500 Subject: [PATCH 01/16] Deleted docker-compose.yml --- docker-compose.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 docker-compose.yml diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 3d39f83af..000000000 --- a/docker-compose.yml +++ /dev/null @@ -1,29 +0,0 @@ -version: "3.3" - -services: - db: - image: postgres - volumes: - - ./data/db:/var/lib/postgresql/data - environment: - - POSTGRES_DB=postgres - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=postgres - web: - build: . - image: pygoat/pygoat - command: gunicorn --bind 0.0.0.0:8000 --workers 6 pygoat.wsgi - ports: - - "8000:8000" - volumes: - - .:/app - depends_on: - - migration - - db - migration: - image: pygoat/pygoat - command: python pygoat/manage.py migrate --noinput - volumes: - - .:/app - depends_on: - - db From c4c16d5c3e6f1de7f53e3f0c4ca1096d38da9910 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Mon, 6 Jan 2025 13:42:42 -0500 Subject: [PATCH 02/16] Create ci.yml --- .github/workflows/ci.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..a747a8805 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,24 @@ +name: CI + +on: [push] + +jobs: +sast_scan: + name: Run Bandit Scan on app + runs-on: ubuntu-latest + + steps: + -name: Checkout code + uses: actions/checkout@v2 + + -name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.8 + + -name: Install Bandit + run: pip install bandit + + -name: Run Bandit Scan in current directory + run: bandit -r . + From 2cb61a19e941e538b7b9c95dbf5b77fd135b03ad Mon Sep 17 00:00:00 2001 
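Review bot: The new workflow declares no `permissions:` block, so the job token receives the repository's default scope although a scan job only needs to read the checkout; add `permissions:` / `  contents: read` at the top level, as the hadolint workflow deleted in patch 04 did. Both actions are referenced by mutable major tags (`actions/checkout@v2`, `actions/setup-python@v2`) rather than a full commit SHA, so the code the job executes can change without any change to this file; the same applies to every action added later in this series (patches 07, 09 and 15). `python-version: 3.8` is an unquoted YAML float that happens to survive, but the same pattern turns `3.10` into `3.1`, so quote it: `python-version: "3.8"`. The `-name:` entries are not valid sequence items (no space after the dash) and `sast_scan:` sits at column 0 under `jobs:`, which patch 03 corrects; `bandit -r .` also exits non-zero whenever it reports a finding, so as written the job fails on any hit.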
From: agondo69 Date: Mon, 6 Jan 2025 13:50:36 -0500 Subject: [PATCH 03/16] Update ci.yml Fixing ci.yml --- .github/workflows/ci.yml | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a747a8805..10479585b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,22 +3,21 @@ name: CI on: [push] jobs: -sast_scan: - name: Run Bandit Scan on app - runs-on: ubuntu-latest + sast_scan: + name: Run Bandit Scan on app + runs-on: ubuntu-latest - steps: - -name: Checkout code - uses: actions/checkout@v2 + steps: + - name: Checkout code + uses: actions/checkout@v2 - -name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.8 + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.8 - -name: Install Bandit - run: pip install bandit + - name: Install Bandit + run: pip install bandit - -name: Run Bandit Scan in current directory - run: bandit -r . - + - name: Run Bandit Scan in current directory + run: bandit -r . From e98929c1bc134531d93e05c848fe5758e8429eab Mon Sep 17 00:00:00 2001 From: agondo Date: Tue, 7 Jan 2025 09:26:08 -0500 Subject: [PATCH 04/16] Delete workflow YAML files --- .github/workflows/flake8.yml | 33 --------------------------- .github/workflows/hadolint.yml | 41 ---------------------------------- 2 files changed, 74 deletions(-) delete mode 100644 .github/workflows/flake8.yml delete mode 100644 .github/workflows/hadolint.yml diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml deleted file mode 100644 index 0885ac6f4..000000000 --- a/.github/workflows/flake8.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -# This workflow will install Python dependencies, run tests and lint with a single version of Python -# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions - -name: Flake8 - -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.8 - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - name: Install dependencies - run: | - python -m pip install --upgrade pip - if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - - name: Lint with flake8 - run: | - pip install flake8 - # stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml deleted file mode 100644 index bf04ce9c6..000000000 --- a/.github/workflows/hadolint.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. -# hadoint is a Dockerfile linter written in Haskell -# that helps you build best practice Docker images. -# More details at https://github.com/hadolint/hadolint -# testing the pipeline - -name: Hadolint - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - - -permissions: - contents: read - -jobs: - hadolint: - name: Run hadolint scanning - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Run hadolint on Dockerfile - uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183 - with: - dockerfile: ./Dockerfile - - - name: Run hadolint on pygoat/Dockerfile - uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183 - with: - dockerfile: ./Dockerfile - From 5da554eceb8e0b3df697617fa3e12a15a4c1ab53 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Tue, 7 Jan 2025 09:54:04 -0500 Subject: [PATCH 05/16] Update ci.yml Only High severity and confidence level --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 10479585b..536a0aa06 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,4 +20,4 @@ jobs: run: pip install bandit - name: Run Bandit Scan in current directory - run: bandit -r . + run: bandit -ll -r . From 1151f86b18f9c81629d906698eb44461ec3f6bb6 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Tue, 7 Jan 2025 10:02:44 -0500 Subject: [PATCH 06/16] Update ci.yml med and h --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 536a0aa06..e340e3c33 100644 --- a/.github/workflows/ci.yml 
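Review bot: `-ll` does not restrict Bandit to high severity as the commit message states; each repeated `-l` raises the threshold one level (`-l` low, `-ll` medium, `-lll` high), so this line reports medium-and-above findings. If high severity only is really intended the line should read `run: bandit -lll -r .`; the confidence filter added in patch 06 (`-ii`) is likewise medium-and-above. Raising the threshold silently drops lower-severity results from a security scan, so the chosen level deserves a comment on the step, e.g. `# -ll: medium severity and above`.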
+++ b/.github/workflows/ci.yml @@ -20,4 +20,4 @@ jobs: run: pip install bandit - name: Run Bandit Scan in current directory - run: bandit -ll -r . + run: bandit -ll -ii -r . From acba8226dd8c8c28ecf2e3577eb45020f6096923 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Tue, 7 Jan 2025 11:54:39 -0500 Subject: [PATCH 07/16] Update ci.yml With if () to keep scanning --- .github/workflows/ci.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e340e3c33..4a53231ba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,4 +20,15 @@ jobs: run: pip install bandit - name: Run Bandit Scan in current directory - run: bandit -ll -ii -r . + run: bandit -ll -ii -r . -f json -o bandit-report.json + + - name: Upload the artifact(s) + uses: actions/upload-artifact-artifact@v3 + if: always() + with: + name: Bandit vulnerability findings + path: bandit-report.json + + + + From a17e0a89c404be2ca6bdd13d6fb373e5828fcbdc Mon Sep 17 00:00:00 2001 From: agondo69 Date: Tue, 7 Jan 2025 11:58:04 -0500 Subject: [PATCH 08/16] Update ci.yml Artifact location fixed --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4a53231ba..aa9432689 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ jobs: run: bandit -ll -ii -r . -f json -o bandit-report.json - name: Upload the artifact(s) - uses: actions/upload-artifact-artifact@v3 + uses: actions/upload-artifact@v3 if: always() with: name: Bandit vulnerability findings From 07b9608f440f82e2492b2b2768785f54ff30591e Mon Sep 17 00:00:00 2001 From: agondo69 Date: Tue, 7 Jan 2025 12:31:07 -0500 Subject: [PATCH 09/16] Update ci.yml Docker scan --- .github/workflows/ci.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) 
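Review bot: `if: always()` on the upload step keeps the artifact even when the scan fails, but the scan step itself still exits non-zero whenever Bandit reports a finding, so the job is still marked failed on every hit, which does not match the "keep scanning" intent in the commit message. If the scan is meant to be informational, add `continue-on-error: true` to the `Run Bandit Scan in current directory` step and keep the upload as is. `actions/upload-artifact-artifact@v3` is not a real action path (corrected to `actions/upload-artifact@v3` in patch 08), and GitHub has announced the v3 artifact actions as deprecated, so a current major pinned to a commit SHA would be the safer reference. The hunk also appends four blank lines at the end of the file.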
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aa9432689..4c0f63b90 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,6 +28,30 @@ jobs: with: name: Bandit vulnerability findings path: bandit-report.json + + dockerimage_scan: + name: Build our image and run a scan on it + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up our docker + uses: docker-practice/actions-setup-docker@v1 + with: + docker_version: '20.10' + + - name: Build the image + run: docker build -f Dockerfile -t agapp:latest . + + - name: Docker Scout Scan for image + run: | + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh + sh install-scout.sh + docker scout quickview + docker scout cves + From a39229ebb4c77e5060b9e670b2760cb48c21aa94 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Tue, 7 Jan 2025 12:40:40 -0500 Subject: [PATCH 10/16] Update ci.yml second trial --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4c0f63b90..6654e7d80 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,7 @@ jobs: - name: Build the image run: docker build -f Dockerfile -t agapp:latest . - - name: Docker Scout Scan for image + - name: Docker Scout Scan image run: | curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh sh install-scout.sh From 6c7e0d8d566cf0b5fcb0b8af866c88ff64db70ce Mon Sep 17 00:00:00 2001 From: agondo69 Date: Wed, 8 Jan 2025 11:17:18 -0500 Subject: [PATCH 11/16] Update ci.yml Other changes made --- .github/workflows/ci.yml | 70 +++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6654e7d80..a281a3db3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
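Review bot: The Scout step downloads `install.sh` from a mutable `main` branch URL and executes it with `sh` without any integrity check, so whatever that URL serves at run time runs on the runner with the job's token in its environment; pin the script to a specific commit or release and verify a checksum before `sh install-scout.sh`, or install Scout from a versioned release archive. `docker scout quickview` and `docker scout cves` are invoked without an image reference, so it is not clear from the hunk that they analyse the `agapp:latest` image just built; `docker scout cves agapp:latest` removes the ambiguity. Scout generally needs an authenticated Docker Hub session, and no login step is present, so the `cves` call may fail on a clean runner — worth confirming. `docker-practice/actions-setup-docker@v1` is another third-party action pinned by tag, and `ubuntu-latest` runners already ship a Docker engine, so the setup step may be unnecessary.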
@@ -3,6 +3,7 @@ name: CI on: [push] jobs: + # SAST Scan Job sast_scan: name: Run Bandit Scan on app runs-on: ubuntu-latest 
@@ -26,33 +27,64 @@ jobs: uses: actions/upload-artifact@v3 if: always() with: - name: Bandit vulnerability findings - path: bandit-report.json + name: Bandit vulnerability findings + path: bandit-report.json + # Docker Image Scan Job dockerimage_scan: - name: Build our image and run a scan on it - runs-on: ubuntu-latest + name: Build and Scan Docker Image + runs-on: ubuntu-latest - steps: + steps: + # Checkout the code - name: Checkout code uses: actions/checkout@v2 - - name: Set up our docker - uses: docker-practice/actions-setup-docker@v1 - with: - docker_version: '20.10' + # Remove Default Moby + - name: Remove Default Moby + run: | + sudo apt-get remove -y moby-engine moby-cli || echo "Moby not installed" - - name: Build the image + # Install Docker + - name: Install Docker + run: | + # Update package index + sudo apt-get update + + # Install prerequisites + sudo apt-get install -y \ + ca-certificates \ + curl \ + gnupg \ + lsb-release + + # Add Docker's official GPG key + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + + # Set up Docker repository + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + + # Install Docker + sudo apt-get update + sudo apt-get install -y docker-ce docker-ce-cli containerd.io + + # Verify Docker Version + - name: Verify Docker Version + run: docker --version + + # Build Docker Image + - name: Build Docker Image run: docker build -f Dockerfile -t agapp:latest . 
- - name: Docker Scout Scan image + # Install and Run Docker Scout + - name: Docker Scout Scan run: | - curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh - sh install-scout.sh - docker scout quickview - docker scout cves - - - + # Install Docker Scout + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh + sh install-scout.sh - + # Run Scout scans + docker scout quickview + docker scout cves From d4adcfc202280ad684f27b5ef213de3b43e95600 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Wed, 8 Jan 2025 12:16:38 -0500 Subject: [PATCH 12/16] Update ci.yml python slim 3.77 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a281a3db3..65e958fe0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: 3.11 # Updated Python version - name: Install Bandit run: pip install bandit From 00cd7577bb58b0ca5187a00b4952d9a8b77a8033 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Wed, 8 Jan 2025 12:21:03 -0500 Subject: [PATCH 13/16] Update ci.yml --- .github/workflows/ci.yml | 137 ++++++++++++++++----------------------- 1 file changed, 56 insertions(+), 81 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65e958fe0..3afff94da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
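Review bot: The new `Install Docker` step fetches the repository key with `curl ... | sudo gpg --dearmor` and trusts it without any fingerprint check, so the whole package set is only as trustworthy as that one TLS connection; compare the key's fingerprint against a value kept in the repository before writing the keyring. Removing `moby-engine` and reinstalling `docker-ce` also discards the engine that `ubuntu-latest` already provides, which makes the job slower and the runner's state harder to reason about; if the only need is a working `docker build`, the pre-installed engine is likely sufficient (confirm on the runner image in use). The Scout install line still executes an unpinned script from `main`, as noted on patch 09.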
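Review bot: `python-version: 3.11 # Updated Python version` leaves the version as an unquoted YAML float; `3.11` survives, but the same pattern yields `3.1` for `3.10`, so quote it as `python-version: "3.11"` and let the git history carry the "updated" remark rather than an inline comment that will go stale. The commit message ("python slim 3.77") does not describe this change and is worth rewording before merge. Patch 14 later re-adds this job with `python-version: 3.8`, silently dropping this bump.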
@@ -1,90 +1,65 @@ -name: CI +dockerimage_scan: + name: Build and Scan Docker Image + runs-on: ubuntu-latest -on: [push] + steps: + # Checkout the code + - name: Checkout code + uses: actions/checkout@v2 -jobs: - # SAST Scan Job - sast_scan: - name: Run Bandit Scan on app - runs-on: ubuntu-latest + # Remove Default Moby + - name: Remove Default Moby + run: | + sudo apt-get remove -y moby-engine moby-cli || echo "Moby not installed" - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.11 # Updated Python version - - - name: Install Bandit - run: pip install bandit - - - name: Run Bandit Scan in current directory - run: bandit -ll -ii -r . -f json -o bandit-report.json + # Install Docker + - name: Install Docker + run: | + # Update package index + sudo apt-get update - - name: Upload the artifact(s) - uses: actions/upload-artifact@v3 - if: always() - with: - name: Bandit vulnerability findings - path: bandit-report.json - - # Docker Image Scan Job - dockerimage_scan: - name: Build and Scan Docker Image - runs-on: ubuntu-latest - - steps: - # Checkout the code - - name: Checkout code - uses: actions/checkout@v2 - - # Remove Default Moby - - name: Remove Default Moby - run: | - sudo apt-get remove -y moby-engine moby-cli || echo "Moby not installed" + # Install prerequisites + sudo apt-get install -y \ + ca-certificates \ + curl \ + gnupg \ + lsb-release + + # Add Docker's official GPG key + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + + # Set up Docker repository + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + + # Install Docker + sudo apt-get update + sudo apt-get install -y docker-ce docker-ce-cli 
containerd.io - # Install Docker - - name: Install Docker - run: | - # Update package index - sudo apt-get update - - # Install prerequisites - sudo apt-get install -y \ - ca-certificates \ - curl \ - gnupg \ - lsb-release - - # Add Docker's official GPG key - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - - # Set up Docker repository - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - - # Install Docker - sudo apt-get update - sudo apt-get install -y docker-ce docker-ce-cli containerd.io + # Verify Docker Version + - name: Verify Docker Version + run: docker --version - # Verify Docker Version - - name: Verify Docker Version - run: docker --version + # Build Docker Image + - name: Build Docker Image + run: docker build -f Dockerfile -t agapp:latest . - # Build Docker Image - - name: Build Docker Image - run: docker build -f Dockerfile -t agapp:latest . 
+ # Install and Run Docker Scout + - name: Docker Scout Scan + run: | + # Install Docker Scout + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh + sh install-scout.sh - # Install and Run Docker Scout - - name: Docker Scout Scan - run: | - # Install Docker Scout - curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh - sh install-scout.sh + # Run Scout scans + docker scout quickview + docker scout cves - # Run Scout scans - docker scout quickview - docker scout cves + # Fix for the apt-get issue with dependencies (dnsutils, libpq-dev, python3-dev) + - name: Install Dependencies in Docker Image + run: | + # Install necessary packages + sudo apt-get update + sudo apt-get install --no-install-recommends -y dnsutils libpq-dev python3-dev + sudo apt-get clean && rm -rf /var/lib/apt/lists/* From d5d8f9bb5f467f9f368777229706841b4880a662 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Wed, 8 Jan 2025 12:33:01 -0500 Subject: [PATCH 14/16] Update ci.yml --- .github/workflows/ci.yml | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3afff94da..a4f829777 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
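Review bot: The hunk deletes the `name:`, `on:` and `jobs:` keys together with the whole `sast_scan` job, leaving `dockerimage_scan:` at column 0 as a top-level key; without an `on:` trigger GitHub will not run the file as a workflow at all, so every job in it is lost, not just Bandit. The new `Install Dependencies in Docker Image` step runs `apt-get` on the runner, not inside the image that `docker build` produced, so it cannot fix a build-time dependency problem in the Dockerfile; and `rm -rf /var/lib/apt/lists/*` runs without `sudo` after `sudo apt-get clean`, which will fail on the root-owned directory and mark the step failed. If the goal is to add `dnsutils libpq-dev python3-dev` to the image, that belongs in the `Dockerfile`'s `RUN apt-get install` line. Patch 14 restores the header and the Bandit job and patch 15 removes this step again, so the series ends without these changes, but this intermediate commit leaves an unrunnable workflow.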
@@ -1,4 +1,35 @@ -dockerimage_scan: +name: CI + +on: [push] + +jobs: + sast_scan: + name: Run Bandit Scan on app + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.8 + + - name: Install Bandit + run: pip install bandit + + - name: Run Bandit Scan in current directory + run: bandit -ll -ii -r . -f json -o bandit-report.json + + - name: Upload the artifact(s) + uses: actions/upload-artifact@v3 + if: always() + with: + name: Bandit vulnerability findings + path: bandit-report.json + + dockerimage_scan: name: Build and Scan Docker Image runs-on: ubuntu-latest @@ -63,3 +94,9 @@ dockerimage_scan: sudo apt-get update sudo apt-get install --no-install-recommends -y dnsutils libpq-dev python3-dev sudo apt-get clean && rm -rf /var/lib/apt/lists/* + + + + + + From 7165cc8c61ad824aa9ccf9903e518c5a47837cf4 Mon Sep 17 00:00:00 2001 From: agondo69 Date: Wed, 8 Jan 2025 12:41:09 -0500 Subject: [PATCH 15/16] Update ci.yml --- .github/workflows/ci.yml | 83 ++++++++-------------------------------- 1 file changed, 17 insertions(+), 66 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a4f829777..f97afbfe5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
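Review bot: The re-added `sast_scan` job sets `python-version: 3.8`, which silently reverts the bump to 3.11 made in patch 12; if 3.11 was intended it should be restored here, quoted as `python-version: "3.11"`. The second hunk appends six blank lines at the end of the file, which carry no content and which yamllint flags. Because this commit re-types text that patch 13 deleted rather than reverting that commit, the history keeps a broken intermediate state; a `git revert` of patch 13 would have been cleaner.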
@@ -30,73 +30,24 @@ jobs: path: bandit-report.json dockerimage_scan: - name: Build and Scan Docker Image - runs-on: ubuntu-latest + name: Build our image and run a scan on it + runs-on: ubuntu-latest - steps: - # Checkout the code - - name: Checkout code - uses: actions/checkout@v2 - - # Remove Default Moby - - name: Remove Default Moby - run: | - sudo apt-get remove -y moby-engine moby-cli || echo "Moby not installed" - - # Install Docker - - name: Install Docker - run: | - # Update package index - sudo apt-get update - - # Install prerequisites - sudo apt-get install -y \ - ca-certificates \ - curl \ - gnupg \ - lsb-release - - # Add Docker's official GPG key - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - - # Set up Docker repository - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - - # Install Docker - sudo apt-get update - sudo apt-get install -y docker-ce docker-ce-cli containerd.io - - # Verify Docker Version - - name: Verify Docker Version - run: docker --version - - # Build Docker Image - - name: Build Docker Image - run: docker build -f Dockerfile -t agapp:latest . 
- - # Install and Run Docker Scout - - name: Docker Scout Scan - run: | - # Install Docker Scout - curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh - sh install-scout.sh - - # Run Scout scans - docker scout quickview - docker scout cves + steps: + - name: Checkout code + uses: actions/checkout@v2 - # Fix for the apt-get issue with dependencies (dnsutils, libpq-dev, python3-dev) - - name: Install Dependencies in Docker Image - run: | - # Install necessary packages - sudo apt-get update - sudo apt-get install --no-install-recommends -y dnsutils libpq-dev python3-dev - sudo apt-get clean && rm -rf /var/lib/apt/lists/* + - name: Set up our docker + uses: docker-practice/actions-setup-docker@v1 + with: + docker_version: '20.10' - - - + - name: Build the image + run: docker build -f Dockerfile -t agapp:latest . - + - name: Docker Scout Scan image + run: | + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh + sh install-scout.sh + docker scout quickview + docker scout cves From b8aa4efcaa409d915b1716193cc48a985a8181db Mon Sep 17 00:00:00 2001 From: agondo69 Date: Wed, 8 Jan 2025 12:48:59 -0500 Subject: [PATCH 16/16] Update ci.yml --- .github/workflows/ci.yml | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f97afbfe5..a1d6ddb1e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
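Review bot: The restored `name: Build our image and run a scan on it`, `runs-on:` and `steps:` lines appear to be written one indentation level too shallow — the very next commit (patch 16) re-emits exactly these lines, plus `docker_version:` and the Bandit artifact `name:`/`path:`, as whitespace-only changes, which the collapsed rendering here cannot show directly. Two consecutive indentation-only commits on the same lines suggest the file is edited without a YAML linter; running `yamllint` on the workflow before pushing would catch this. Dropping the `Install Dependencies in Docker Image` step is correct, since it ran `apt-get` on the runner rather than in the image.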
@@ -26,28 +26,39 @@ jobs: uses: actions/upload-artifact@v3 if: always() with: - name: Bandit vulnerability findings - path: bandit-report.json + name: Bandit vulnerability findings + path: bandit-report.json dockerimage_scan: - name: Build our image and run a scan on it - runs-on: ubuntu-latest + name: Build our image and run a scan on it + runs-on: ubuntu-latest - steps: + steps: - name: Checkout code uses: actions/checkout@v2 - name: Set up our docker uses: docker-practice/actions-setup-docker@v1 with: - docker_version: '20.10' + docker_version: '20.10' + + - name: Set up Docker daemon configuration + run: | + echo '{ + "hosts": ["unix:///var/run/docker.sock"], + "live-restore": true + }' | sudo tee /etc/docker/daemon.json + # Ensure Docker is restarted to apply configuration + - name: Restart Docker + run: | + sudo systemctl restart docker - name: Build the image run: docker build -f Dockerfile -t agapp:latest . - name: Docker Scout Scan image run: | - curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh - sh install-scout.sh - docker scout quickview - docker scout cves + curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh + sh install-scout.sh + docker scout quickview + docker scout cves
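Review bot: Writing `"hosts": ["unix:///var/run/docker.sock"]` into `/etc/docker/daemon.json` and then running `sudo systemctl restart docker` is likely to stop the daemon from coming back: the standard Docker packages' `docker.service` unit already passes `-H fd://` on the command line, and dockerd refuses to start when `hosts` is given both as a flag and in the config file, so every later `docker build` and `docker scout` call would fail (assuming the setup action installs the standard packages — confirm). Nothing in the hunk needs a custom daemon config — the socket path written is already the default and `live-restore` has no value on a throwaway runner — so the `Set up Docker daemon configuration` and `Restart Docker` steps should be dropped; if a config change is genuinely required, omit `hosts` from the JSON or clear `ExecStart` in a systemd drop-in. The restart is also followed by no check, so a `docker info` step after it would surface a failed daemon immediately rather than at the build step.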