add pipelines #1720
❌ Docker Image Scan (Dockle) failed No output |
❌ Dockerfile Lint (Hadolint) failed No output |
❌ Docker Image Scan (Dockle) failed No output |
❌ Docker Image Scan (Dockle) failed {
"image": "ghcr.io/intersectmbo/govtool-govtool-status-service:f2dcc8d78e64280e2c6d0465929ceb76a8533c3a",
"summary": {
"fatal": 2,
"warn": 1,
"info": 2,
"skip": 0,
"pass": 11
},
"details": [
{
"code": "CIS-DI-0010",
"title": "Do not store credential in environment variables/files",
"level": "FATAL",
"alerts": [
"Suspicious ENV key found : --access-logfile on CMD [\"python3\" \"-m\" \"gunicorn\" \"--bind=0.0.0.0\" \"--workers=4\" \"--access-logfile=-\" \"app:app\"] (You can suppress it with --accept-key)",
"Suspicious ENV key found : GRAFANA_PASSWORD on ENV GRAFANA_PASSWORD=set-me-at-runtime (You can suppress it with --accept-key)"
]
},
{
"code": "DKL-DI-0004",
"title": "Use \"apk add\" with --no-cache",
"level": "FATAL",
"alerts": [
"Use --no-cache option if use 'apk add': RUN /bin/sh -c set -eux; \t\tapk add --no-cache --virtual .build-deps \t\tgnupg \t\ttar \t\txz \t\t\t\tbluez-dev \t\tbzip2-dev \t\tdpkg-dev dpkg \t\texpat-dev \t\tfindutils \t\tgcc \t\tgdbm-dev \t\tlibc-dev \t\tlibffi-dev \t\tlibnsl-dev \t\tlibtirpc-dev \t\tlinux-headers \t\tmake \t\tncurses-dev \t\topenssl-dev \t\tpax-utils \t\treadline-dev \t\tsqlite-dev \t\ttcl-dev \t\ttk \t\ttk-dev \t\tutil-linux-dev \t\txz-dev \t\tzlib-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t$(test \"$gnuArch\" != 'riscv64-linux-musl' \u0026\u0026 echo '--enable-optimizations') \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t--with-lto \t\t--with-system-expat \t\t--without-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"-DTHREAD_STACK_SIZE=0x100000\"; \tLDFLAGS=\"${LDFLAGS:--Wl},--strip-all\"; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t\t\"PROFILE_TASK=${PROFILE_TASK:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:--Wl},-rpath='\\$\\$ORIGIN/../lib'\" \t\t\"PROFILE_TASK=${PROFILE_TASK:-}\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth 
\t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \t\t| tr ',' '\\n' \t\t| sort -u \t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t\t| xargs -rt apk add --no-network --virtual .python-rundeps \t; \tapk del --no-network .build-deps; \t\tpython3 --version # buildkit"
]
},
{
"code": "CIS-DI-0001",
"title": "Create a user for the container",
"level": "WARN",
"alerts": [
"Last user should not be root"
]
},
{
"code": "CIS-DI-0005",
"title": "Enable Content trust for Docker",
"level": "INFO",
"alerts": [
"export DOCKER_CONTENT_TRUST=1 before docker pull/build"
]
},
{
"code": "CIS-DI-0006",
"title": "Add HEALTHCHECK instruction to the container image",
"level": "INFO",
"alerts": [
"not found HEALTHCHECK statement"
]
}
]
} |
✅ All checks succeeded |
❌ Docker Image Scan (Dockle) failed No output |
✅ All checks succeeded |
❌ Docker Image Scan (Dockle) failed No output |
✅ All checks succeeded |
❌ Docker Image Scan (Dockle) failed No output |
List of changes
Checklist