From cb2d4486d18a5809ab137f8934523bbcebf851a8 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Fri, 14 Jan 2022 00:47:45 +0100
Subject: [PATCH] feat: add tini, start system podman, remove image.tar for scan
---
 Dockerfile | 5 +
 Makefile | 10 +-
 trivy.html | 275 -----------------------------------------------------
 3 files changed, 8 insertions(+), 282 deletions(-)
 delete mode 100644 trivy.html
diff --git a/Dockerfile b/Dockerfile
index cc39a06..a319b2c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,7 @@ USER root
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
 && apk upgrade -U -a \
 && apk --no-cache add \
+ tini \
 make \
 fuse-overlayfs \
 podman \
@@ -25,6 +26,9 @@ RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers \
 # Trivy html template
 ADD --chown=jenkins:jenkins html.tpl /home/jenkins
+# Patch jenkins-agent to launch podman service
+RUN sed -i -e 's/exec \$JAVA_BIN/podman system service -t0\&\n exec \$JAVA_BIN/' /usr/local/bin/jenkins-agent
+
 # Make docker in Jenkinsfiles work
 RUN ln -s /usr/bin/podman /usr/bin/docker
@@ -38,3 +42,4 @@ ENV BUILDAH_ISOLATION=chroot
 VOLUME /home/jenkins/.local/share/containers
 USER jenkins
+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins-agent"]
diff --git a/Makefile b/Makefile
index a7c00b6..58aebdb 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= 0.1.2
+VERSION ?= 0.2.0
 BASE ?= latest-alpine-jdk11
 REGISTRY := public.ecr.aws/zero-downtime
 REPOSITORY := jenkins-podman
@@ -10,7 +10,7 @@ else
 TRIVY_OPTS := client --remote ${TRIVY_REMOTE}
 endif
-.PHONY: build push clean scan
+.PHONY: build push scan
 all: build
@@ -22,9 +22,5 @@ push:
 podman tag $(TAG) $(REGISTRY)/$(TAG)
 podman push $(REGISTRY)/$(TAG)
-clean:
- rm -f image.tar trivy-report.html
-
 scan:
- [ -f image.tar ] || podman save $(TAG) -o image.tar
- trivy $(TRIVY_OPTS) --input image.tar
+ trivy $(TRIVY_OPTS) $(TAG)
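Review bot: The `sed` added in the Dockerfile hunk at `@@ -25,6 +26,9 @@` exits 0 even when `exec $JAVA_BIN` does not occur in `/usr/local/bin/jenkins-agent`, so a change to that script in the base image (the Makefile's `BASE ?= latest-alpine-jdk11` looks like a floating tag) would yield an image that builds cleanly but never starts the podman service. Chaining a check after the substitution, `&& grep -q 'podman system service' /usr/local/bin/jenkins-agent`, turns that into a build failure. The comment above the `RUN` could also record that `podman system service -t0` keeps an unauthenticated API socket open for the whole life of the agent, and that it runs as whichever user launches jenkins-agent, presumably `jenkins` given the `USER jenkins` line later in the file.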
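Review bot: In the Dockerfile hunk at `@@ -38,3 +42,4 @@`, tini as invoked forwards signals only to its direct child, so the podman service that the patched jenkins-agent starts in the background probably receives no SIGTERM on container stop and gets no chance to shut down cleanly. If that matters for the storage under the `VOLUME` path, `ENTRYPOINT ["/sbin/tini", "-g", "--", "/usr/local/bin/jenkins-agent"]` signals the child's whole process group instead. A one-line comment above the `ENTRYPOINT` saying that it replaces the base image's entrypoint and why tini is needed (reaping and signal handling for the extra background process) would help the next reader.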
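Review bot: `scan` in the Makefile hunk at `@@ -22,9 +22,5 @@` now hands trivy the bare name `$(TAG)`, which the `push` recipe above shows carries no registry prefix, so what gets scanned depends on how trivy resolves that name. If the locally built image cannot be reached through podman, trivy may fall back to a remote registry lookup and report on a different image than the one just built; a comment on the rule such as `# needs the podman API socket; $(TAG) must resolve to the locally built image` would make that dependency explicit. Separately, the recipe sets no `--exit-code`, so unless `TRIVY_OPTS` (defined outside this hunk) adds one, `make scan` succeeds whatever is found; `trivy $(TRIVY_OPTS) --exit-code 1 --severity HIGH,CRITICAL $(TAG)` would let a pipeline gate on the result.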
diff --git a/trivy.html b/trivy.html deleted file mode 100644 index 86efffc..0000000 --- a/trivy.html +++ /dev/null @@ -1,275 +0,0 @@ - - - - - - image.tar (alpine 3.15.0) - Trivy Report - 2022-01-13T14:47:04.206039544Z - - - -

image.tar (alpine 3.15.0) - Trivy Report - 2022-01-13T14:47:04.206060727Z

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
alpine
No Vulnerabilities found
No Misconfigurations found
jar
No Vulnerabilities found
No Misconfigurations found
gobinary
PackageVulnerability IDSeverityInstalled VersionFixed VersionLinks
github.com/containerd/containerdCVE-2021-41103HIGHv1.5.5v1.4.11, v1.5.7
github.com/opencontainers/image-specGMS-2021-101UNKNOWNv1.0.2-0.20210819154149-5ad6f50d62831.0.2
golang.org/x/textCVE-2021-38561UNKNOWNv0.3.60.3.7
No Misconfigurations found
gobinary
PackageVulnerability IDSeverityInstalled VersionFixed VersionLinks
golang.org/x/cryptoCVE-2020-29652HIGHv0.0.0-20201112155050-0c6587e931a9v0.0.0-20201216223049-8b5274cf687f
golang.org/x/textCVE-2021-38561UNKNOWNv0.3.50.3.7
No Misconfigurations found
gobinary
PackageVulnerability IDSeverityInstalled VersionFixed VersionLinks
github.com/opencontainers/image-specGMS-2021-101UNKNOWNv1.0.2-0.20210819154149-5ad6f50d62831.0.2
No Misconfigurations found
gobinary
PackageVulnerability IDSeverityInstalled VersionFixed VersionLinks
github.com/opencontainers/image-specGMS-2021-101UNKNOWNv1.0.2-0.20190823105129-775207bd45b61.0.2
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
gobinary
No Vulnerabilities found
No Misconfigurations found
- -