From 14849460be05aa5e7a5081d7772ba4657351bec4 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:11:24 +0300 Subject: [PATCH 01/35] add-grype --- .drone.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.drone.yml b/.drone.yml index 44e74e8..b7855a8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,6 +45,19 @@ steps: when: event: pull_request + - name: grype security check + image: anchore/grype + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com + commands: + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" + when: + event: pull_request + + - name: cleanup image: docker:dind volumes: -- 2.30.2 From 914489d82800cee3a47d087f60e745e3d1086521 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:12:23 +0300 Subject: [PATCH 02/35] add-grype --- .drone.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index b7855a8..6ae6fa8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -57,7 +57,6 @@ steps: when: event: pull_request - - name: cleanup image: docker:dind volumes: -- 2.30.2 From 0d83ac4893ffe33af34d51b2fdc80e6d35b0f793 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:15:07 +0300 Subject: [PATCH 03/35] add-grype --- .drone.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.drone.yml b/.drone.yml index 6ae6fa8..208f9ac 100644 --- a/.drone.yml +++ b/.drone.yml @@ -64,6 +64,9 @@ steps: path: /var/run/docker.sock commands: - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA + depends_on: + - trivy security check + - grype security check when: event: pull_request -- 2.30.2 From 5387d1893220ce0f7895a81098f7be3167dd2c8d Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:16:07 +0300 Subject: [PATCH 04/35] add-grype --- .drone.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 208f9ac..857c5c7 100644 
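Review bot: The gate the new grype step enforces is looser than the trivy step next to it: `--fail-on=critical` lets high-severity findings pass, while the trivy command shown in the PATCH 07/35 hunk for the same file (`--exit-code 1` with no severity filter) fails on any finding, so the two scanners disagree on what blocks a pull request. If critical-only is intended, say so in a comment above the command; otherwise `--fail-on=high` brings it in line with the existing gate. The same threshold is carried unchanged into the rewritten command in the PATCH 30/35 hunk. The step also reads the registry from `$REGISTRY` while the neighbouring cleanup step hardcodes `registry.fedy95.com`; using the variable in both keeps them from drifting.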
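Review bot: Declaring `depends_on` on the cleanup step alone changes how Drone schedules the whole pipeline, if I recall its semantics correctly: once any step declares `depends_on`, the pipeline runs as a graph and steps without dependencies start immediately instead of in file order, so lint, build and the two scans would no longer be guaranteed to run one after another. If explicit ordering is wanted, every step needs a `depends_on` naming its predecessor (the scan steps depending on the build step, cleanup depending on the scans), not only cleanup. The same construct is re-added in the PATCH 32/35, 33/35 and 34/35 hunks and dropped again in PATCH 35/35, which may be a symptom of exactly this scheduling change.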
--- a/.drone.yml +++ b/.drone.yml @@ -53,7 +53,8 @@ steps: environment: REGISTRY: registry.fedy95.com commands: - - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" +# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" + - "grype --help" when: event: pull_request @@ -64,9 +65,6 @@ steps: path: /var/run/docker.sock commands: - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA - depends_on: - - trivy security check - - grype security check when: event: pull_request -- 2.30.2 From c1437e20c9649fa039e17226192296325452a883 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:22:35 +0300 Subject: [PATCH 05/35] add-grype --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 857c5c7..e39fea6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -42,6 +42,7 @@ steps: --format json \ --no-progress \ $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" + - sleep 5 when: event: pull_request @@ -53,7 +54,7 @@ steps: environment: REGISTRY: registry.fedy95.com commands: -# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - "grype --help" when: event: pull_request -- 2.30.2 From 7bcae407bc04fafbaf81b12e8d4e813fd9849729 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:24:01 +0300 Subject: [PATCH 06/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index e39fea6..d0c5f42 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,6 +8,7 @@ volumes: - name: dockersock host: path: /var/run/docker.sock + temp: {} steps: - name: lint yaml @@ -42,7 +43,6 @@ steps: --format json \ --no-progress \ $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" - - sleep 5 when: event: pull_request -- 2.30.2 
From 9a4530d767f758c17def0d43fe8350da0d958b4f Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:25:14 +0300 Subject: [PATCH 07/35] add-grype --- .drone.yml | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/.drone.yml b/.drone.yml index d0c5f42..0eb17ae 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,7 +8,6 @@ volumes: - name: dockersock host: path: /var/run/docker.sock - temp: {} steps: - name: lint yaml @@ -30,21 +29,21 @@ steps: when: event: pull_request - - name: trivy security check - image: aquasec/trivy - volumes: - - name: dockersock - path: /var/run/docker.sock - environment: - REGISTRY: registry.fedy95.com - commands: - - "trivy \ - --exit-code 1 \ - --format json \ - --no-progress \ - $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" - when: - event: pull_request +# - name: trivy security check +# image: aquasec/trivy +# volumes: +# - name: dockersock +# path: /var/run/docker.sock +# environment: +# REGISTRY: registry.fedy95.com +# commands: +# - "trivy \ +# --exit-code 1 \ +# --format json \ +# --no-progress \ +# $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" +# when: +# event: pull_request - name: grype security check image: anchore/grype -- 2.30.2 From 641164b919402382089391608d07e5b6db5eae06 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:27:23 +0300 Subject: [PATCH 08/35] add-grype --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0eb17ae..c06455b 100644 --- a/.drone.yml +++ b/.drone.yml @@ -53,8 +53,8 @@ steps: environment: REGISTRY: registry.fedy95.com commands: - - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - - "grype --help" +# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" + - grype --help when: event: pull_request -- 2.30.2 From 907c7fde176c61e376b34774bef8420ecb676134 Mon Sep 17 00:00:00 2001 
From: fedy95 Date: Mon, 28 Jun 2021 19:28:00 +0300 Subject: [PATCH 09/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index c06455b..07aab61 100644 --- a/.drone.yml +++ b/.drone.yml @@ -54,7 +54,7 @@ steps: REGISTRY: registry.fedy95.com commands: # - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - - grype --help + - sleep 20 when: event: pull_request -- 2.30.2 From 7c173a8036767f721f9955ba4f26bf48a755406a Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:29:20 +0300 Subject: [PATCH 10/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 07aab61..69b2163 100644 --- a/.drone.yml +++ b/.drone.yml @@ -46,7 +46,7 @@ steps: # event: pull_request - name: grype security check - image: anchore/grype + image: anchore/grype:latest volumes: - name: dockersock path: /var/run/docker.sock -- 2.30.2 From 763297f9fe96a31357312bdd3983ed169368f400 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:29:59 +0300 Subject: [PATCH 11/35] add-grype --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 69b2163..afb519c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -50,8 +50,8 @@ steps: volumes: - name: dockersock path: /var/run/docker.sock - environment: - REGISTRY: registry.fedy95.com +# environment: +# REGISTRY: registry.fedy95.com commands: # - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - sleep 20 -- 2.30.2 From 861c569d884d293bd5f218eb1f07b91543b9ca42 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:30:33 +0300 Subject: [PATCH 12/35] add-grype --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index afb519c..c9404f2 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -47,9 +47,9 @@ steps: - name: grype security check image: anchore/grype:latest - volumes: - - name: dockersock - path: /var/run/docker.sock +# volumes: +# - name: dockersock +# path: /var/run/docker.sock # environment: # REGISTRY: registry.fedy95.com commands: -- 2.30.2 From 60d23f96bc0698cd4f508c87b616006456c574a2 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:30:52 +0300 Subject: [PATCH 13/35] add-grype --- .drone.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index c9404f2..6e72536 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,18 +45,18 @@ steps: # when: # event: pull_request - - name: grype security check - image: anchore/grype:latest +# - name: grype security check +# image: anchore/grype:latest # volumes: # - name: dockersock # path: /var/run/docker.sock # environment: # REGISTRY: registry.fedy95.com - commands: +# commands: # - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - - sleep 20 - when: - event: pull_request +# - sleep 20 +# when: +# event: pull_request - name: cleanup image: docker:dind -- 2.30.2 From 7e06626fe5105ace0565e653c77919c8aa32d95d Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:32:47 +0300 Subject: [PATCH 14/35] add-grype --- .drone.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6e72536..c9404f2 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -45,18 +45,18 @@ steps: # when: # event: pull_request -# - name: grype security check -# image: anchore/grype:latest + - name: grype security check + image: anchore/grype:latest # volumes: # - name: dockersock # path: /var/run/docker.sock # environment: # REGISTRY: registry.fedy95.com -# commands: + commands: # - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" -# - sleep 20 -# when: -# event: pull_request + - sleep 20 + when: + event: pull_request - name: cleanup image: docker:dind -- 2.30.2 From b30f13776604de1925a1b2c78fbdb46bcbddc69e Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:33:13 +0300 Subject: [PATCH 15/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index c9404f2..107dbd5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,7 +45,7 @@ steps: # when: # event: pull_request - - name: grype security check + - name: g image: anchore/grype:latest # volumes: # - name: dockersock -- 2.30.2 From 5a38f520b1f030b20ce79e4466afbc19ed16e835 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:33:29 +0300 Subject: [PATCH 16/35] add-grype --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 107dbd5..baac828 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,8 +45,8 @@ steps: # when: # event: pull_request - - name: g - image: anchore/grype:latest + - name: grype security check + image: docker:dind # volumes: # - name: dockersock # path: /var/run/docker.sock -- 2.30.2 From 324ef4ad2c65f5e51db6000acfa30cf259aa5f96 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:34:46 +0300 Subject: [PATCH 17/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index baac828..e73d841 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -46,7 +46,7 @@ steps: # event: pull_request - name: grype security check - image: docker:dind + image: anchore/grype # volumes: # - name: dockersock # path: /var/run/docker.sock -- 2.30.2 From 1ebb3fd58e7ba967be25e0cf4aa02646a7d22bb6 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:40:59 +0300 Subject: [PATCH 18/35] add-grype --- .drone.yml | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/.drone.yml b/.drone.yml index e73d841..0851fdf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -29,32 +29,32 @@ steps: when: event: pull_request -# - name: trivy security check -# image: aquasec/trivy -# volumes: -# - name: dockersock -# path: /var/run/docker.sock -# environment: -# REGISTRY: registry.fedy95.com -# commands: -# - "trivy \ -# --exit-code 1 \ -# --format json \ -# --no-progress \ -# $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" -# when: -# event: pull_request + - name: trivy security check + image: aquasec/trivy + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com + commands: + - "trivy \ + --exit-code 1 \ + --format json \ + --no-progress \ + $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" + when: + event: pull_request - name: grype security check - image: anchore/grype -# volumes: -# - name: dockersock -# path: /var/run/docker.sock -# environment: -# REGISTRY: registry.fedy95.com + image: docker:dind + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com commands: -# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - - sleep 20 + - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" when: event: pull_request -- 2.30.2 
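Review bot: The new install line fetches `install.sh` from the `main` branch of the grype repository at build time and pipes it straight into `sh`, inside a container that has the host's `/var/run/docker.sock` mounted, so whatever that script contains on the day of the build runs with access to the host Docker daemon, and the scanner version (and therefore the scan result) differs from run to run. Pin both the script and the binary: fetch the script from a tagged ref and pass the release tag to it, e.g. `- curl -sSfL https://raw.githubusercontent.com/anchore/grype/<GRYPE_TAG>/install.sh | sh -s -- -b /usr/local/bin <GRYPE_TAG>` (placeholder tag), or verify the downloaded script's checksum before executing it. The `anchore/grype` image used by the PATCH 01/35 version of this step, pinned to a tag or digest as PATCH 24/35 briefly did, avoids the download entirely and would be the simpler route if it can be made to work here. The docker socket mount is also broader than a read-only scan needs; if the registry is reachable from the step and credentials are supplied, grype's `registry:` image source can read the image without touching the daemon.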
From 9eaa60e716e3a311aa79d1b33a11377f365d3ad2 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:51:36 +0300 Subject: [PATCH 19/35] add-grype --- .drone.yml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0851fdf..7092c1c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -29,21 +29,21 @@ steps: when: event: pull_request - - name: trivy security check - image: aquasec/trivy - volumes: - - name: dockersock - path: /var/run/docker.sock - environment: - REGISTRY: registry.fedy95.com - commands: - - "trivy \ - --exit-code 1 \ - --format json \ - --no-progress \ - $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" - when: - event: pull_request +# - name: trivy security check +# image: aquasec/trivy +# volumes: +# - name: dockersock +# path: /var/run/docker.sock +# environment: +# REGISTRY: registry.fedy95.com +# commands: +# - "trivy \ +# --exit-code 1 \ +# --format json \ +# --no-progress \ +# $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" +# when: +# event: pull_request - name: grype security check image: docker:dind @@ -53,8 +53,10 @@ steps: environment: REGISTRY: registry.fedy95.com commands: + - apk add wget - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" +# - sleep 20 when: event: pull_request -- 2.30.2 From 8963f4c202161c442bfe3ce0c5914ce9a7798ebf Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:52:23 +0300 Subject: [PATCH 20/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 7092c1c..568c9b9 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -53,7 +53,7 @@ steps: environment: REGISTRY: registry.fedy95.com commands: - - apk add wget + - apk add curl - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" # - sleep 20 -- 2.30.2 From 2a7627b9e74f78472f3ebb0c0d78b24663c07e67 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:55:27 +0300 Subject: [PATCH 21/35] add-grype --- .drone.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 568c9b9..5992a1d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -56,7 +56,20 @@ steps: - apk add curl - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" -# - sleep 20 + when: + event: pull_request + + - name: grype security check + image: anchore:grype + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com + commands: +# - apk add curl +# - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" when: event: pull_request -- 2.30.2 From fda79dc18e56e1fa921e0503bf99218cef8b1d1a Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:55:46 +0300 Subject: [PATCH 22/35] add-grype --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 5992a1d..9dee2cf 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -60,14 +60,14 @@ steps: event: pull_request - name: grype security check - image: anchore:grype + image: anchore/grype volumes: - name: dockersock path: /var/run/docker.sock environment: REGISTRY: registry.fedy95.com commands: -# - apk add curl + - apk add curl # - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" when: -- 2.30.2 From 06240187369d9da17b0b620bd7b343609f4eb0e1 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 19:56:26 +0300 Subject: [PATCH 23/35] add-grype --- .drone.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9dee2cf..543019a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,19 +45,19 @@ steps: # when: # event: pull_request - - name: grype security check - image: docker:dind - volumes: - - name: dockersock - path: /var/run/docker.sock - environment: - REGISTRY: registry.fedy95.com - commands: - - apk add curl - - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" - when: - event: pull_request +# - name: grype security check +# image: docker:dind +# volumes: +# - name: dockersock +# path: /var/run/docker.sock +# environment: +# REGISTRY: registry.fedy95.com +# commands: +# - apk add curl +# - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin +# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" +# when: +# event: pull_request - name: grype security check image: anchore/grype -- 2.30.2 From 23fb7b4503255815e08ab10f1cb3e43ae016757d Mon Sep 17 00:00:00 2001 
From: fedy95 Date: Mon, 28 Jun 2021 20:11:28 +0300 Subject: [PATCH 24/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 543019a..00966b2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -60,7 +60,7 @@ steps: # event: pull_request - name: grype security check - image: anchore/grype + image: anchore/grype:v0.10 volumes: - name: dockersock path: /var/run/docker.sock -- 2.30.2 From 2a7062d267f8b26cf1034f5356eab4304d082675 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:12:04 +0300 Subject: [PATCH 25/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 00966b2..1357cce 100644 --- a/.drone.yml +++ b/.drone.yml @@ -69,7 +69,7 @@ steps: commands: - apk add curl # - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" +# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" when: event: pull_request -- 2.30.2 From dca7e022ec592a3fb5f2277e79bb776566b6cbb9 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:28:13 +0300 Subject: [PATCH 26/35] add-grype --- .drone.yml | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/.drone.yml b/.drone.yml index 1357cce..6b41fb7 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -43,33 +43,19 @@ steps: # --no-progress \ # $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" # when: -# event: pull_request - -# - name: grype security check -# image: docker:dind -# volumes: -# - name: dockersock -# path: /var/run/docker.sock -# environment: -# REGISTRY: registry.fedy95.com -# commands: -# - apk add curl -# - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin -# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" -# when: # event: pull_request - name: grype security check - image: anchore/grype:v0.10 + image: anchore/anchore-engine volumes: - name: dockersock path: /var/run/docker.sock environment: REGISTRY: registry.fedy95.com commands: - - apk add curl -# - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin -# - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" + - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --help" + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" when: event: pull_request -- 2.30.2 From b8532db338a575a59ae0945d58ca3c52c9dd1f50 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:28:39 +0300 Subject: [PATCH 27/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 6b41fb7..2f3646d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -46,7 +46,7 @@ steps: # event: pull_request - name: grype security check - image: anchore/anchore-engine + image: anchore/grype volumes: - name: dockersock path: /var/run/docker.sock -- 2.30.2 From 672847e41ccce33c3a107315c9160097872a6287 Mon Sep 17 00:00:00 2001 
From: fedy95 Date: Mon, 28 Jun 2021 20:28:57 +0300 Subject: [PATCH 28/35] add-grype --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 2f3646d..3f3ad89 100644 --- a/.drone.yml +++ b/.drone.yml @@ -46,7 +46,7 @@ steps: # event: pull_request - name: grype security check - image: anchore/grype + image: docker:dind volumes: - name: dockersock path: /var/run/docker.sock -- 2.30.2 From 622f26c8437b948980d4f9aeecce267007e391d8 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:29:26 +0300 Subject: [PATCH 29/35] add-grype --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 3f3ad89..9c615b5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -53,6 +53,7 @@ steps: environment: REGISTRY: registry.fedy95.com commands: + - apk add --no-cache curl - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --help" - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" -- 2.30.2 From bf5137d673a33b135e9052aa49af12c9fa824189 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:30:59 +0300 Subject: [PATCH 30/35] add-grype --- .drone.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9c615b5..47c5ee6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -55,8 +55,10 @@ steps: commands: - apk add --no-cache curl - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --help" - - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical" + - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA \ + --scope all-layers \ + --fail-on=critical \ + --verbose" when: event: pull_request -- 2.30.2 
From d18facc2874c513efc76ede668a6bf3a766bd33d Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:33:22 +0300 Subject: [PATCH 31/35] add-grype --- .drone.yml | 30 +++++++++++++++--------------- README.md | 3 +++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/.drone.yml b/.drone.yml index 47c5ee6..e31febe 100644 --- a/.drone.yml +++ b/.drone.yml @@ -29,21 +29,21 @@ steps: when: event: pull_request -# - name: trivy security check -# image: aquasec/trivy -# volumes: -# - name: dockersock -# path: /var/run/docker.sock -# environment: -# REGISTRY: registry.fedy95.com -# commands: -# - "trivy \ -# --exit-code 1 \ -# --format json \ -# --no-progress \ -# $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" -# when: -# event: pull_request + - name: trivy security check + image: aquasec/trivy + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com + commands: + - "trivy \ + --exit-code 1 \ + --format json \ + --no-progress \ + $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" + when: + event: pull_request - name: grype security check image: docker:dind diff --git a/README.md b/README.md index dd0cc62..00da575 100644 --- a/README.md +++ b/README.md @@ -6,4 +6,7 @@ Baseimage for CI tasks - [yamllint git](https://github.com/adrienverge/yamllint) - [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint) + +### security scanners - [trivy](https://github.com/aquasecurity/trivy) +- [grype](https://github.com/anchore/grype) -- 2.30.2 From 8e200d6b8424642b367e3e3684921d04a9faa37f Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:38:26 +0300 Subject: [PATCH 32/35] add-grype --- .drone.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index e31febe..c128c6c 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -71,7 +71,9 @@ steps: - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA when: event: pull_request - + depends_on: + - trivy security check + - grype security check - name: release image: docker:dind -- 2.30.2 From 312810dced5906bdcf25b93173dcab4ce6c47231 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:39:08 +0300 Subject: [PATCH 33/35] add-grype --- .drone.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index c128c6c..0e90b62 100644 --- a/.drone.yml +++ b/.drone.yml @@ -29,7 +29,7 @@ steps: when: event: pull_request - - name: trivy security check + - name: trivy image: aquasec/trivy volumes: - name: dockersock @@ -45,7 +45,7 @@ steps: when: event: pull_request - - name: grype security check + - name: grype image: docker:dind volumes: - name: dockersock @@ -72,8 +72,8 @@ steps: when: event: pull_request depends_on: - - trivy security check - - grype security check + - trivy + - grype - name: release image: docker:dind -- 2.30.2 From 44580ab25c5d873c03e26ec5a1620d7dccbb3a21 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:49:39 +0300 Subject: [PATCH 34/35] add-grype --- .drone.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0e90b62..81c48ec 100644 --- a/.drone.yml +++ b/.drone.yml @@ -54,7 +54,8 @@ steps: REGISTRY: registry.fedy95.com commands: - apk add --no-cache curl - - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin + - "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | \ + sh -s -- -b /usr/local/bin" - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA \ --scope all-layers \ --fail-on=critical \ 
@@ -71,9 +72,7 @@ steps: - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA when: event: pull_request - depends_on: - - trivy - - grype + depends_on: [trivy, grype] - name: release image: docker:dind -- 2.30.2 From dcf2284b4c53758253077e4de3131c378a0307aa Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 20:59:10 +0300 Subject: [PATCH 35/35] add-grype --- .drone.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 81c48ec..20eed2c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -29,7 +29,7 @@ steps: when: event: pull_request - - name: trivy + - name: trivy security scan image: aquasec/trivy volumes: - name: dockersock @@ -45,7 +45,7 @@ steps: when: event: pull_request - - name: grype + - name: grype security scan image: docker:dind volumes: - name: dockersock @@ -55,7 +55,7 @@ steps: commands: - apk add --no-cache curl - "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | \ - sh -s -- -b /usr/local/bin" + sh -s -- -b /usr/local/bin" - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA \ --scope all-layers \ --fail-on=critical \ @@ -72,7 +72,6 @@ steps: - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA when: event: pull_request - depends_on: [trivy, grype] - name: release image: docker:dind -- 2.30.2