feat: add tini, start system podman, remove image.tar for scan
ZeroDownTime/jenkins-podman/pipeline/head There was a failure building this commit
Details
ZeroDownTime/jenkins-podman/pipeline/head There was a failure building this commit
Details
This commit is contained in:
parent
ddf17bb520
commit
cb2d4486d1
|
|
@ -6,6 +6,7 @@ USER root
|
|||
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
|
||||
&& apk upgrade -U -a \
|
||||
&& apk --no-cache add \
|
||||
tini \
|
||||
make \
|
||||
fuse-overlayfs \
|
||||
podman \
|
||||
|
|
@ -25,6 +26,9 @@ RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers \
|
|||
# Trivy html template
|
||||
ADD --chown=jenkins:jenkins html.tpl /home/jenkins
|
||||
|
||||
# Patch jenkins-agent to launch podman service
|
||||
RUN sed -i -e 's/exec \$JAVA_BIN/podman system service -t0\&\n exec \$JAVA_BIN/' /usr/local/bin/jenkins-agent
|
||||
|
||||
# Make docker in Jenkinsfiles work
|
||||
RUN ln -s /usr/bin/podman /usr/bin/docker
|
||||
|
||||
|
|
@ -38,3 +42,4 @@ ENV BUILDAH_ISOLATION=chroot
|
|||
VOLUME /home/jenkins/.local/share/containers
|
||||
|
||||
USER jenkins
|
||||
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins-agent"]
|
||||
|
|
|
|||
10
Makefile
10
Makefile
|
|
@ -1,4 +1,4 @@
|
|||
VERSION ?= 0.1.2
|
||||
VERSION ?= 0.2.0
|
||||
BASE ?= latest-alpine-jdk11
|
||||
REGISTRY := public.ecr.aws/zero-downtime
|
||||
REPOSITORY := jenkins-podman
|
||||
|
|
@ -10,7 +10,7 @@ else
|
|||
TRIVY_OPTS := client --remote ${TRIVY_REMOTE}
|
||||
endif
|
||||
|
||||
.PHONY: build push clean scan
|
||||
.PHONY: build push scan
|
||||
|
||||
all: build
|
||||
|
||||
|
|
@ -22,9 +22,5 @@ push:
|
|||
podman tag $(TAG) $(REGISTRY)/$(TAG)
|
||||
podman push $(REGISTRY)/$(TAG)
|
||||
|
||||
clean:
|
||||
rm -f image.tar trivy-report.html
|
||||
|
||||
scan:
|
||||
[ -f image.tar ] || podman save $(TAG) -o image.tar
|
||||
trivy $(TRIVY_OPTS) --input image.tar
|
||||
trivy $(TRIVY_OPTS) $(TAG)
|
||||
|
|
|
|||
275
trivy.html
275
trivy.html
|
|
@ -1,275 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style>
|
||||
* {
|
||||
font-family: Arial, Helvetica, sans-serif;
|
||||
}
|
||||
h1 {
|
||||
text-align: center;
|
||||
}
|
||||
.group-header th {
|
||||
font-size: 200%;
|
||||
}
|
||||
.sub-header th {
|
||||
font-size: 150%;
|
||||
}
|
||||
table, th, td {
|
||||
border: 1px solid black;
|
||||
border-collapse: collapse;
|
||||
white-space: nowrap;
|
||||
padding: .3em;
|
||||
}
|
||||
table {
|
||||
margin: 0 auto;
|
||||
}
|
||||
.severity {
|
||||
text-align: center;
|
||||
font-weight: bold;
|
||||
color: #fafafa;
|
||||
}
|
||||
.severity-LOW .severity { background-color: #5fbb31; }
|
||||
.severity-MEDIUM .severity { background-color: #e9c600; }
|
||||
.severity-HIGH .severity { background-color: #ff8800; }
|
||||
.severity-CRITICAL .severity { background-color: #e40000; }
|
||||
.severity-UNKNOWN .severity { background-color: #747474; }
|
||||
.severity-LOW { background-color: #5fbb3160; }
|
||||
.severity-MEDIUM { background-color: #e9c60060; }
|
||||
.severity-HIGH { background-color: #ff880060; }
|
||||
.severity-CRITICAL { background-color: #e4000060; }
|
||||
.severity-UNKNOWN { background-color: #74747460; }
|
||||
table tr td:first-of-type {
|
||||
font-weight: bold;
|
||||
}
|
||||
.links a,
|
||||
.links[data-more-links=on] a {
|
||||
display: block;
|
||||
}
|
||||
.links[data-more-links=off] a:nth-of-type(1n+5) {
|
||||
display: none;
|
||||
}
|
||||
a.toggle-more-links { cursor: pointer; }
|
||||
</style>
|
||||
<title>image.tar (alpine 3.15.0) - Trivy Report - 2022-01-13T14:47:04.206039544Z</title>
|
||||
<script>
|
||||
window.onload = function() {
|
||||
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
||||
var links = [].concat.apply([], linkCell.querySelectorAll('a'));
|
||||
[].sort.apply(links, function(a, b) {
|
||||
return a.href > b.href ? 1 : -1;
|
||||
});
|
||||
links.forEach(function(link, idx) {
|
||||
if (links.length > 3 && 3 === idx) {
|
||||
var toggleLink = document.createElement('a');
|
||||
toggleLink.innerText = "Toggle more links";
|
||||
toggleLink.href = "#toggleMore";
|
||||
toggleLink.setAttribute("class", "toggle-more-links");
|
||||
linkCell.appendChild(toggleLink);
|
||||
}
|
||||
linkCell.appendChild(link);
|
||||
});
|
||||
});
|
||||
document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
|
||||
toggleLink.onclick = function() {
|
||||
var expanded = toggleLink.parentElement.getAttribute("data-more-links");
|
||||
toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
|
||||
return false;
|
||||
};
|
||||
});
|
||||
};
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<h1>image.tar (alpine 3.15.0) - Trivy Report - 2022-01-13T14:47:04.206060727Z</h1>
|
||||
<table>
|
||||
<tr class="group-header"><th colspan="6">alpine</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">jar</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr class="sub-header">
|
||||
<th>Package</th>
|
||||
<th>Vulnerability ID</th>
|
||||
<th>Severity</th>
|
||||
<th>Installed Version</th>
|
||||
<th>Fixed Version</th>
|
||||
<th>Links</th>
|
||||
</tr>
|
||||
<tr class="severity-HIGH">
|
||||
<td class="pkg-name">github.com/containerd/containerd</td>
|
||||
<td>CVE-2021-41103</td>
|
||||
<td class="severity">HIGH</td>
|
||||
<td class="pkg-version">v1.5.5</td>
|
||||
<td>v1.4.11, v1.5.7</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103</a>
|
||||
<a href="https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8">https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8</a>
|
||||
<a href="https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq">https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41103">https://nvd.nist.gov/vuln/detail/CVE-2021-41103</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5100-1">https://ubuntu.com/security/notices/USN-5100-1</a>
|
||||
<a href="https://www.debian.org/security/2021/dsa-5002">https://www.debian.org/security/2021/dsa-5002</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-UNKNOWN">
|
||||
<td class="pkg-name">github.com/opencontainers/image-spec</td>
|
||||
<td>GMS-2021-101</td>
|
||||
<td class="severity">UNKNOWN</td>
|
||||
<td class="pkg-version">v1.0.2-0.20210819154149-5ad6f50d6283</td>
|
||||
<td>1.0.2</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://github.com/advisories/GHSA-77vh-xpmg-72qh">https://github.com/advisories/GHSA-77vh-xpmg-72qh</a>
|
||||
<a href="https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m">https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c">https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/releases/tag/v1.0.2">https://github.com/opencontainers/image-spec/releases/tag/v1.0.2</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh">https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-UNKNOWN">
|
||||
<td class="pkg-name">golang.org/x/text</td>
|
||||
<td>CVE-2021-38561</td>
|
||||
<td class="severity">UNKNOWN</td>
|
||||
<td class="pkg-version">v0.3.6</td>
|
||||
<td>0.3.7</td>
|
||||
<td class="links" data-more-links="off">
|
||||
</td>
|
||||
</tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr class="sub-header">
|
||||
<th>Package</th>
|
||||
<th>Vulnerability ID</th>
|
||||
<th>Severity</th>
|
||||
<th>Installed Version</th>
|
||||
<th>Fixed Version</th>
|
||||
<th>Links</th>
|
||||
</tr>
|
||||
<tr class="severity-HIGH">
|
||||
<td class="pkg-name">golang.org/x/crypto</td>
|
||||
<td>CVE-2020-29652</td>
|
||||
<td class="severity">HIGH</td>
|
||||
<td class="pkg-version">v0.0.0-20201112155050-0c6587e931a9</td>
|
||||
<td>v0.0.0-20201216223049-8b5274cf687f</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652</a>
|
||||
<a href="https://go-review.googlesource.com/c/crypto/+/278852">https://go-review.googlesource.com/c/crypto/+/278852</a>
|
||||
<a href="https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1">https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2020-29652.html">https://linux.oracle.com/cve/CVE-2020-29652.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2021-1796.html">https://linux.oracle.com/errata/ELSA-2021-1796.html</a>
|
||||
<a href="https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E">https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-29652">https://nvd.nist.gov/vuln/detail/CVE-2020-29652</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-UNKNOWN">
|
||||
<td class="pkg-name">golang.org/x/text</td>
|
||||
<td>CVE-2021-38561</td>
|
||||
<td class="severity">UNKNOWN</td>
|
||||
<td class="pkg-version">v0.3.5</td>
|
||||
<td>0.3.7</td>
|
||||
<td class="links" data-more-links="off">
|
||||
</td>
|
||||
</tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr class="sub-header">
|
||||
<th>Package</th>
|
||||
<th>Vulnerability ID</th>
|
||||
<th>Severity</th>
|
||||
<th>Installed Version</th>
|
||||
<th>Fixed Version</th>
|
||||
<th>Links</th>
|
||||
</tr>
|
||||
<tr class="severity-UNKNOWN">
|
||||
<td class="pkg-name">github.com/opencontainers/image-spec</td>
|
||||
<td>GMS-2021-101</td>
|
||||
<td class="severity">UNKNOWN</td>
|
||||
<td class="pkg-version">v1.0.2-0.20210819154149-5ad6f50d6283</td>
|
||||
<td>1.0.2</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://github.com/advisories/GHSA-77vh-xpmg-72qh">https://github.com/advisories/GHSA-77vh-xpmg-72qh</a>
|
||||
<a href="https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m">https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c">https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/releases/tag/v1.0.2">https://github.com/opencontainers/image-spec/releases/tag/v1.0.2</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh">https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr class="sub-header">
|
||||
<th>Package</th>
|
||||
<th>Vulnerability ID</th>
|
||||
<th>Severity</th>
|
||||
<th>Installed Version</th>
|
||||
<th>Fixed Version</th>
|
||||
<th>Links</th>
|
||||
</tr>
|
||||
<tr class="severity-UNKNOWN">
|
||||
<td class="pkg-name">github.com/opencontainers/image-spec</td>
|
||||
<td>GMS-2021-101</td>
|
||||
<td class="severity">UNKNOWN</td>
|
||||
<td class="pkg-version">v1.0.2-0.20190823105129-775207bd45b6</td>
|
||||
<td>1.0.2</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://github.com/advisories/GHSA-77vh-xpmg-72qh">https://github.com/advisories/GHSA-77vh-xpmg-72qh</a>
|
||||
<a href="https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m">https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c">https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/releases/tag/v1.0.2">https://github.com/opencontainers/image-spec/releases/tag/v1.0.2</a>
|
||||
<a href="https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh">https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
<tr class="group-header"><th colspan="6">gobinary</th></tr>
|
||||
<tr><th colspan="6">No Vulnerabilities found</th></tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Reference in New Issue