Methods and examples of using Docker security checking tools

Hello, Habr!

Given how fast containers are being adopted in development today, securing the various stages and entities connected with containers has become a pressing issue. Checking by hand takes time, so it would be good to take at least the first steps towards automating this process.

In this article I will share ready-made scripts for running several Docker security utilities and instructions for deploying a small demo stand to test the process. You can use this material to experiment with how to organise the testing of image security and of Dockerfile instructions. Obviously, everyone's development and deployment infrastructure is different, so below I give several possible options.

Security checking utilities

There are many helper applications and scripts that check different aspects of Docker infrastructure. Some of them were already described in a previous article (https://habr.com/ru/company/swordfish_security/blog/518758/#docker-security), and in this one I want to focus on three that cover the bulk of the security requirements for Docker images built during development. In addition, I will show an example of how these three tools can be chained into one pipeline for security checks.

Hadolint
https://github.com/hadolint/hadolint

A fairly simple console utility that helps, as a first approximation, to assess the correctness and security of Dockerfile instructions (for example, use of only permitted image registries, or use of sudo).


Dockle
https://github.com/goodwithtech/dockle

A console utility that works with an image (or with an image saved as a tar archive) and checks the correctness and security of that particular image by analysing its layers and configuration: which users are created, which instructions are used, which volumes are mounted, whether an empty password is present, and so on. At the moment the number of checks is not very large; they are based on a few of the tool's own checks and on the recommendations of the CIS (Center for Internet Security) Benchmark for Docker.

Trivy
https://github.com/aquasecurity/trivy

This utility is aimed at finding two kinds of vulnerabilities: problems in OS builds (Alpine, RedHat (EL), CentOS, Debian GNU and Ubuntu are supported) and problems in dependencies (Gemfile.lock, Pipfile.lock, composer.lock, package-lock.json, yarn.lock, cargo.lock). Trivy can scan both an image in a remote registry and a local image, and it can also scan a .tar file exported from a Docker image.


Options for using the utilities

To try out the applications described above in an isolated environment, I give instructions for installing all the utilities in a somewhat simplified process.

The main idea is to show how to set up automatic checking of the content of Dockerfiles and of the Docker images that are built during development.

The check itself consists of the following steps:

  1. Checking the correctness and security of the Dockerfile instructions with the Hadolint linter
  2. Checking the correctness and security of the final and intermediate images with the Dockle utility
  3. Checking the base image and a number of dependencies for publicly known vulnerabilities (CVE) with the Trivy utility

Later in the article I give three options for using these tools:
The first is setting up a CI/CD pipeline, using GitLab as the example (with a description of how to deploy a test instance).
The second uses a shell script.
The third involves building a Docker image for scanning Docker images.
You can choose the option that suits you best, transfer it to your infrastructure and adapt it to your needs.

All the necessary files and additional instructions are also in the repository: https://github.com/Swordfish-Security/docker_cicd

Integration into GitLab CI/CD

In the first option we look at how security checks can be implemented using the GitLab CI/CD system as the example. We go through the steps and see how to set up a test environment with GitLab from scratch, create a scanning process and run the utilities against a test Dockerfile and an arbitrary image: the JuiceShop application.

Installing GitLab
1. Install Docker:

sudo apt-get update && sudo apt-get install docker.io

2. Add the current user to the docker group so that you can work with docker without sudo:

sudo addgroup <username> docker

3. Find out your IP address:

ip addr

4. Install and run GitLab in a container, replacing the IP address in the hostname with your own:

docker run --detach \
--hostname 192.168.1.112 \
--publish 443:443 --publish 80:80 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest

We wait until GitLab finishes all the necessary installation procedures (you can follow the progress in the container log: docker logs -f gitlab).

5. Open your local IP address in a browser; you will see a page prompting you to change the password of the root user:
Set a new password and log in to GitLab.

6. Create a new project, for example cicd-test, and initialise it with a starting README.md file:
7. Now we need to install GitLab Runner: the agent that will run all the required operations on request.
Download the latest version (in this case, for 64-bit Linux):

sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64

8. Make it executable:

sudo chmod +x /usr/local/bin/gitlab-runner

9. Add an OS user for the Runner and start the service:

sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start

It should look like this:

local@osboxes:~$ sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
Runtime platform arch=amd64 os=linux pid=8438 revision=0e5417a3 version=12.0.1
local@osboxes:~$ sudo gitlab-runner start
Runtime platform arch=amd64 os=linux pid=8518 revision=0e5417a3 version=12.0.1

10. Now we register the Runner so that it works with our GitLab instance.
To do this, open the Settings > CI/CD page (http://OUR_IP_ADDRESS/root/cicd-test/-/settings/ci_cd) and on the Runners tab find the URL and the registration token:
11. Register the Runner by entering the URL and the registration token:

sudo gitlab-runner register \
--non-interactive \
--url "http://<URL>/" \
--registration-token "<Registration Token>" \
--executor "docker" \
--docker-privileged \
--docker-image alpine:latest \
--description "docker-runner" \
--tag-list "docker,privileged" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected"

As a result we have a working GitLab to which we need to add the instructions that launch our utilities. In this demo there are no steps for building and packaging the application, but in a real environment those steps would precede the scanning steps and would produce the images and the Dockerfile to analyse.

Pipeline configuration

1. Add to the repository the file mydockerfile.df (this is the test Dockerfile we will check) and the GitLab CI/CD configuration file .gitlab-ci.yml, which describes the instructions for the scanning process (note the leading dot in the file name).

The YAML configuration file contains instructions for running the three utilities (Hadolint, Dockle and Trivy), which will analyse the Dockerfile and the image specified in the DOCKERFILE and DOCKERIMAGE variables. All the necessary files can be taken from the repository: https://github.com/Swordfish-Security/docker_cicd/

Excerpt from mydockerfile.df (this is a demo file with arbitrary instructions, meant only to show how the utility works). Direct link to the file: mydockerfile.df

Contents of mydockerfile.df

FROM amd64/node:10.16.0-alpine@sha256:f59303fb3248e5d992586c76cc83e1d3700f641cbcd7c0067bc7ad5bb2e5b489 AS tsbuild
COPY package.json .
COPY yarn.lock .
RUN yarn install
COPY lib lib
COPY tsconfig.json tsconfig.json
COPY tsconfig.app.json tsconfig.app.json
RUN yarn build
FROM amd64/ubuntu:18.04@sha256:eb70667a801686f914408558660da753cde27192cd036148e58258819b927395
LABEL maintainer="Rhys Arkins <[email protected]>"
LABEL name="renovate"
...
COPY php.ini /usr/local/etc/php/php.ini
RUN cp -a /tmp/piik/* /var/www/html/
RUN rm -rf /tmp/piwik
RUN chown -R www-data /var/www/html
ADD piwik-cli-setup /piwik-cli-setup
ADD reset.php /var/www/html/
## ENTRYPOINT ##
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
USER root
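To show what the Hadolint step of the pipeline is actually checking, here is an added example (not Hadolint's own code, which is a Haskell program with far more rules) that reimplements four of the rules seen in this article (DL3006 untagged base image, DL3007 latest tag, DL3004 sudo, DL3015 apt-get without --no-install-recommends, DL3002 last USER root) and runs them on a constructed, cut-down copy of mydockerfile.df:

```python
"""Simplified re-implementation of a few Hadolint rules that appear in this
article (DL3006, DL3007, DL3004, DL3015, DL3002), run on a constructed
cut-down copy of mydockerfile.df. Added example, not Hadolint's own code."""
import re


def parse_dockerfile(text):
    """Yield (line, INSTRUCTION, arguments), joining backslash continuations
    and skipping comments and blank lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        inst, _, args = buf.partition(" ")
        yield start, inst.upper(), args.strip()
        buf, start = "", None


def lint(text):
    """Return [(line, code, message)] for the simplified rules."""
    findings, last_user = [], None
    for n, inst, args in parse_dockerfile(text):
        if inst == "FROM":
            image = args.split()[0]             # drop "AS <stage>"
            name = image.split("/")[-1]         # a registry:port colon is not a tag
            if "@" not in image and ":" not in name:
                findings.append((n, "DL3006", "Always tag the version of an image explicitly"))
            elif name.endswith(":latest"):
                findings.append((n, "DL3007", "Using latest is prone to errors"))
            last_user = None                    # every stage starts as root again
        elif inst == "USER":
            last_user = (n, args.split(":")[0])
        elif inst == "RUN":
            if re.search(r"\bsudo\b", args):
                findings.append((n, "DL3004", "Do not use sudo"))
            if re.search(r"apt-get\s+install\b", args) and "--no-install-recommends" not in args:
                findings.append((n, "DL3015", "Avoid additional packages by specifying --no-install-recommends"))
    if last_user and last_user[1] in ("root", "0"):
        findings.append((last_user[0], "DL3002", "Last USER should not be root"))
    return findings


# Constructed sample: a cut-down mydockerfile.df with one untagged base image.
SAMPLE = """\
FROM amd64/node:10.16.0-alpine AS tsbuild
COPY package.json .
RUN yarn install && \\
    yarn build
FROM ubuntu
RUN apt-get update && apt-get install -y php
RUN sudo chown -R www-data /var/www/html
USER www-data
USER root
"""

if __name__ == "__main__":
    for line, code, message in lint(SAMPLE):
        print(f"Dockerfile:{line} {code} {message}")
```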

The YAML configuration looks like this (the file is available via this direct link: .gitlab-ci.yml):

Contents of .gitlab-ci.yml

variables:
    DOCKER_HOST: "tcp://docker:2375/"
    DOCKERFILE: "mydockerfile.df" # name of the Dockerfile to analyse   
    DOCKERIMAGE: "bkimminich/juice-shop" # name of the Docker image to analyse
    # DOCKERIMAGE: "knqyf263/cve-2018-11235" # test Docker image with several CRITICAL CVE
    SHOWSTOPPER_PRIORITY: "CRITICAL" # what level of criticality will fail Trivy job
    TRIVYCACHE: "$CI_PROJECT_DIR/.cache" # where to cache Trivy database of vulnerabilities for faster reuse
    ARTIFACT_FOLDER: "$CI_PROJECT_DIR"
 
services:
    - docker:dind # to be able to build docker images inside the Runner
 
stages:
    - scan
    - report
    - publish
 
HadoLint:
    # Basic lint analysis of Dockerfile instructions
    stage: scan
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/hadolint_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/hadolint/hadolint/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 && chmod +x hadolint-Linux-x86_64
     
    # NB: hadolint will always exit with 0 exit code
    - ./hadolint-Linux-x86_64 -f json $DOCKERFILE > $ARTIFACT_FOLDER/hadolint_results.json || exit 0
 
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/hadolint_results.json
 
Dockle:
    # Analysing best practices about docker image (users permissions, instructions followed when image was built, etc.)
    stage: scan   
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/dockle_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/goodwithtech/dockle/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz && tar zxf dockle_${VERSION}_Linux-64bit.tar.gz
    - ./dockle --exit-code 1 -f json --output $ARTIFACT_FOLDER/dockle_results.json $DOCKERIMAGE   
     
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/dockle_results.json
 
Trivy:
    # Analysing docker image and package dependencies against several CVE bases
    stage: scan   
    image: docker:git
 
    script:
    # getting the latest Trivy
    - apk add rpm
    - export VERSION=$(wget -q -O - https://api.github.com/repos/knqyf263/trivy/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz && tar zxf trivy_${VERSION}_Linux-64bit.tar.gz
     
    # displaying all vulnerabilities w/o failing the build
    - ./trivy -d --cache-dir $TRIVYCACHE -f json -o $ARTIFACT_FOLDER/trivy_results.json --exit-code 0 $DOCKERIMAGE    
    
    # write vulnerabilities info to stdout in human readable format (reading pure json is not fun, eh?). You can remove this if you don't need this.
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 0 $DOCKERIMAGE    
 
    # failing the build if the SHOWSTOPPER priority is found
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 1 --severity $SHOWSTOPPER_PRIORITY --quiet $DOCKERIMAGE
         
    artifacts:
        when: always # return artifacts even after job failure
        paths:
        - $ARTIFACT_FOLDER/trivy_results.json
 
    cache:
        paths:
        - .cache
 
Report:
    # combining tools outputs into one HTML
    stage: report
    when: always
    image: python:3.5
     
    script:
    - mkdir json
    - cp $ARTIFACT_FOLDER/*.json ./json/
    - pip install json2html
    - wget https://raw.githubusercontent.com/shad0wrunner/docker_cicd/master/convert_json_results.py
    - python ./convert_json_results.py
     
    artifacts:
        paths:
        - results.html

If needed, you can also scan images saved as a .tar archive (but you will have to change the input parameters of the utilities in the YAML file).

NB: Trivy requires rpm and git to be installed. Otherwise it produces errors when scanning RedHat-based images and when fetching updates of the vulnerability database.

2. Once the files are added to the repository, GitLab automatically starts the build and runs the scan according to the instructions in our configuration file. On the CI/CD → Pipelines tab you can watch the instructions being executed.

As a result we have four jobs. Three of them deal directly with scanning, and the last one (Report) assembles a simple report from the scattered files with the scan results.
By default Trivy stops the run if CRITICAL vulnerabilities are found in the image or its dependencies. Hadolint, on the other hand, always returns a success code, because it always has remarks, which would otherwise cause the build to stop.

Depending on your requirements, you can configure the exit codes so that when these utilities detect problems of a certain severity, they too stop the build. In our case the build stops only if Trivy detects vulnerabilities of the severity specified in the SHOWSTOPPER_PRIORITY variable in .gitlab-ci.yml.

The results of each utility can be viewed in the log of the corresponding scanning job, directly in the JSON files in the artifacts section, or in a simple HTML report (more on that below):

3. To present the reports in a slightly more human-readable form, a small Python script is used to convert the three JSON files into one HTML file with a table of defects.
This script is launched by a separate Report job, and its final artifact is the HTML file with the report. The source of the script is also in the repository and can be modified to suit your needs, colours and so on.
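As an added example (not the repository's convert_json_results.py) covering both the SHOWSTOPPER_PRIORITY gate and the Report step, the following script normalises the three JSON outputs into one findings list, returns the findings at or above a chosen severity (a non-empty list is what should fail the job) and renders the HTML table. The sample documents are constructed; field names follow the JSON each tool emitted at the time of the article, and Trivy's later {"Results": [...]} wrapper is accepted as well.

```python
"""Merge the Hadolint, Dockle and Trivy JSON outputs into one findings list,
apply the SHOWSTOPPER_PRIORITY gate from the pipeline and render the HTML
table that the Report job produces. Added example, not the repository's
convert_json_results.py. The sample documents are constructed; field names
follow the JSON each tool emitted at the time of the article (Trivy's later
{"Results": [...]} wrapper is accepted as well)."""
from html import escape

SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
# Hadolint and Dockle levels mapped onto Trivy's scale so one threshold fits all
HADOLINT_MAP = {"error": "HIGH", "warning": "MEDIUM", "info": "LOW", "style": "LOW"}
DOCKLE_MAP = {"FATAL": "CRITICAL", "WARN": "MEDIUM", "INFO": "LOW"}
COLUMNS = ("tool", "id", "severity", "target", "detail")

def rank(severity):
    return SEVERITIES.index(severity) if severity in SEVERITIES else 0

def parse_hadolint(doc):
    return [{"tool": "hadolint", "id": f["code"], "severity": HADOLINT_MAP.get(f["level"], "UNKNOWN"),
             "target": f"{f['file']}:{f['line']}", "detail": f["message"]} for f in doc]

def parse_dockle(doc):
    return [{"tool": "dockle", "id": d["code"], "severity": DOCKLE_MAP.get(d["level"], "UNKNOWN"),
             "target": d["title"], "detail": "; ".join(d.get("alerts", []))} for d in doc["details"]]

def parse_trivy(doc):
    results = doc["Results"] if isinstance(doc, dict) else doc
    return [{"tool": "trivy", "id": v["VulnerabilityID"], "severity": v.get("Severity", "UNKNOWN"),
             "target": f"{r['Target']} {v['PkgName']}@{v['InstalledVersion']}", "detail": v.get("Title", "")}
            for r in results for v in (r.get("Vulnerabilities") or [])]

def collect(hadolint_doc, dockle_doc, trivy_doc):
    """Parsed JSON documents in (json.load of the three result files), one flat list out."""
    return parse_hadolint(hadolint_doc) + parse_dockle(dockle_doc) + parse_trivy(trivy_doc)

def showstoppers(findings, threshold="CRITICAL"):
    """Findings at or above the threshold; a non-empty list should fail the job."""
    return [f for f in findings if rank(f["severity"]) >= rank(threshold)]

def to_html(findings):
    """One table, most severe first, every cell HTML-escaped."""
    ordered = sorted(findings, key=lambda f: -rank(f["severity"]))
    head = "<tr>" + "".join(f"<th>{c}</th>" for c in COLUMNS) + "</tr>"
    rows = "".join("<tr>" + "".join(f"<td>{escape(str(f[c]))}</td>" for c in COLUMNS) + "</tr>"
                   for f in ordered)
    return f"<table>{head}{rows}</table>"

# Constructed samples in each tool's JSON shape; the CRITICAL Trivy entry uses a placeholder id.
HADOLINT_DOC = [{"line": 248, "code": "DL3002", "message": "Last USER should not be root",
                 "column": 1, "file": "Dockerfile", "level": "warning"}]
DOCKLE_DOC = {"summary": {"fatal": 0, "warn": 1, "info": 0, "skip": 0, "pass": 9},
              "details": [{"code": "DKL-DI-0006", "title": "Avoid latest tag", "level": "WARN",
                           "alerts": ["Avoid 'latest' tag"]}]}
TRIVY_DOC = [{"Target": "juice-shop/frontend/package-lock.json", "Vulnerabilities": [
                 {"VulnerabilityID": "CVE-2020-15256", "PkgName": "object-path", "InstalledVersion": "0.11.4",
                  "Severity": "HIGH", "Title": "Prototype pollution in object-path"},
                 {"VulnerabilityID": "CVE-2019-15599", "PkgName": "tree-kill", "InstalledVersion": "1.2.2",
                  "Severity": "HIGH", "Title": "Code Injection"}]},
             {"Target": "juice-shop/package-lock.json", "Vulnerabilities": [
                 {"VulnerabilityID": "CVE-XXXX-PLACEHOLDER", "PkgName": "example-pkg", "InstalledVersion": "1.0.0",
                  "Severity": "CRITICAL", "Title": "constructed critical finding"}]}]

if __name__ == "__main__":
    findings = collect(HADOLINT_DOC, DOCKLE_DOC, TRIVY_DOC)
    with open("results.html", "w") as fh:
        fh.write(to_html(findings))
    raise SystemExit(1 if showstoppers(findings, "CRITICAL") else 0)
```

Mapping Hadolint and Dockle levels onto Trivy's scale is this example's own choice; it lets one threshold variable gate all three tools instead of only Trivy as in the pipeline above.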

Shell script

The second option suits cases where you need to check Docker images outside a CI/CD system, or need all the instructions in a form that can be executed directly on the host. This is covered by a ready-made shell script that can be run on a clean (virtual) machine. The script carries out the same instructions as the gitlab-runner configuration described above.

For the script to work, Docker must be installed on the machine and the current user must be a member of the docker group.

The script itself can be found here: docker_sec_check.sh

At the beginning of the file, variables define which image is to be scanned and which severity levels will make the Trivy utility exit with an error code.

When the script runs, all the utilities are downloaded into the docker_tools directory, the results of their work are placed in the docker_tools/json directory, and the HTML report ends up in the file results.html.

Example script output

~/docker_cicd$ ./docker_sec_check.sh

[+] Setting environment variables
[+] Installing required packages
[+] Preparing necessary directories
[+] Fetching sample Dockerfile
2020-10-20 10:40:00 (45.3 MB/s) - ‘Dockerfile’ saved [8071/8071]
[+] Pulling image to scan
latest: Pulling from bkimminich/juice-shop
[+] Running Hadolint
...
Dockerfile:205 DL3015 Avoid additional packages by specifying `--no-install-recommends`
Dockerfile:248 DL3002 Last USER should not be root
...
[+] Running Dockle
...
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
...
[+] Running Trivy
juice-shop/frontend/package-lock.json
=====================================
Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+---------------------+------------------+----------+---------+-------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY | VERSION |             TITLE       |
+---------------------+------------------+----------+---------+-------------------------+
| object-path         | CVE-2020-15256   | HIGH     | 0.11.4  | Prototype pollution in  |
|                     |                  |          |         | object-path             |
+---------------------+------------------+          +---------+-------------------------+
| tree-kill           | CVE-2019-15599   |          | 1.2.2   | Code Injection          |
+---------------------+------------------+----------+---------+-------------------------+
| webpack-subresource | CVE-2020-15262   | LOW      | 1.4.1   | Unprotected dynamically |
|                     |                  |          |         | loaded chunks           |
+---------------------+------------------+----------+---------+-------------------------+

juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)

...

juice-shop/package-lock.json
============================
Total: 5 (CRITICAL: 5)

...
[+] Removing left-overs
[+] Making the output look pretty
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Docker image with all the utilities

As a third option I wrote two simple Dockerfiles for building an image with the security utilities. One Dockerfile builds a set for scanning an image from a registry, the second (Dockerfile_tar) builds a set for scanning a tar file containing an image.

1. Take the corresponding Dockerfile and scripts from the repository https://github.com/Swordfish-Security/docker_cicd/tree/master/Dockerfile.
2. Run the build:

docker build -t dscan:image -f docker_security.df .

3. Once the build is finished, we create a container from the image. At the same time we pass the DOCKERIMAGE environment variable with the name of the image we are interested in, and mount the Dockerfile we want to analyse from our machine to the file /Dockerfile (note that an absolute path to the file is required):

docker run --rm -v $(pwd)/results:/results -v $(pwd)/docker_security.df:/Dockerfile -e DOCKERIMAGE="bkimminich/juice-shop" dscan:image


[+] Setting environment variables
[+] Running Hadolint
/Dockerfile:3 DL3006 Always tag the version of an image explicitly
[+] Running Dockle
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
INFO    - CIS-DI-0006: Add HEALTHCHECK instruction to the container image
        * not found HEALTHCHECK statement
INFO    - DKL-LI-0003: Only put necessary files
        * unnecessary file : juice-shop/node_modules/sqlite3/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm64/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm/Dockerfile
[+] Running Trivy
...
juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)
...
[+] Making the output look pretty
[+] Starting the main module ============================================================
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Conclusion

We have looked at just one set of tools for scanning Docker artifacts which, in my opinion, covers a good share of the image security requirements. There are many more paid and free tools that can perform similar checks, produce nicer reports or work purely in console mode, cover container orchestration management, and so on.

The advantage of the tools described in this article is that they are all open source, and you can experiment with them and with other similar tools to find what fits your needs and infrastructure. Of course, every vulnerability found still has to be assessed for applicability to your specific conditions, but that is a topic for a future, larger article.

I hope this guide, the scripts and the utilities help you and serve as a starting point for building a more secure containerisation infrastructure.

Source: www.habr.com
