Methods and examples of implementing Docker security checking utilities

Hi Habr!

In today's reality, with the growing role of containerization in development processes, ensuring the security of the various stages and entities associated with containers is far from a minor concern. Checking all of it by hand takes time, so it is worth taking the first steps towards automating the process.

In this article I will share ready-made scripts for running several Docker security utilities, plus instructions for deploying a small demo stand on which to try the process out. You can use the materials to experiment with how to organise security checks of Docker images and Dockerfile instructions. Obviously everyone's development and deployment infrastructure is different, so below I will offer a few possible options.

Security checking tools

There are a great many helper utilities and scripts that perform checks on various aspects of a Docker infrastructure. Some of them were already described in a previous article (https://habr.com/ru/company/swordfish_security/blog/518758/#docker-security); here I want to focus on three of them, which together cover the bulk of the security requirements for Docker images built during development. I will also show an example of how these three utilities can be combined into a single pipeline that performs the security checks.

Hadolint
https://github.com/hadolint/hadolint

A fairly simple console utility that helps, as a first approximation, to assess the correctness and security of Dockerfile instructions (for example, whether only permitted image registries are used, or whether sudo is used).


Dockle
https://github.com/goodwithtech/dockle

A console utility that works with an image (or a saved tar archive of an image) and checks the correctness and security of that particular image as such, analysing its layers and configuration: which users are created, which instructions are used, where volumes are mounted, whether an empty password is present, and so on. For now the number of checks is not large; they are based on a handful of its own checks and on the CIS (Center for Internet Security) Benchmark recommendations for Docker.

Trivy
https://github.com/aquasecurity/trivy

This utility is aimed at finding two kinds of problems: vulnerabilities in OS builds (Alpine, RedHat (EL), CentOS, Debian GNU and Ubuntu are supported) and vulnerabilities in dependencies (Gemfile.lock, Pipfile.lock, composer.lock, package-lock.json, yarn.lock, cargo.lock). Trivy can scan both an image in a registry and a local image, and it can also scan a .tar file containing a Docker image passed to it.


Options for deploying the utilities

To let you try the tools in an isolated environment, I give instructions for installing all the utilities in a somewhat simplified process.

The main idea is to show how you can implement automatic checking of the Dockerfiles and Docker images produced during development.

The check itself consists of the following steps:

  1. Checking the correctness and security of Dockerfile instructions with the Hadolint linter
  2. Checking the correctness and security of the final and intermediate images with the Dockle utility
  3. Checking for publicly known vulnerabilities (CVE) in the base image and in a number of dependencies, using the Trivy utility

Later in the article I will give three options for implementing these steps:
The first is configuring a CI/CD pipeline using GitLab as an example (with a description of how to set up a test instance).
The second is using a shell script.
The third is building a Docker image for scanning Docker images.
You can choose the option that suits you, transfer it to your infrastructure and adapt it to your needs.

All the necessary files and additional instructions are also in the repository: https://github.com/Swordfish-Security/docker_cicd

Integration into GitLab CI/CD

In the first option we will look at how security checks can be implemented, using the GitLab repository system as an example. Here we will go through the steps and work out how to install a test environment with GitLab from scratch, build the scanning process and run the utilities to check the test Dockerfile and an arbitrary image, the JuiceShop application.

Installing GitLab
1. Install Docker:

sudo apt-get update && sudo apt-get install docker.io

2. Add the current user to the docker group so that you can work with docker without sudo:

sudo addgroup <username> docker

3. Find your IP address:

ip addr

4. Install and start GitLab in a container, replacing the IP address in the hostname with your own:

docker run --detach \
--hostname 192.168.1.112 \
--publish 443:443 --publish 80:80 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest

We wait until GitLab completes all the necessary installation procedures (you can follow the process in the log output: docker logs -f gitlab).

5. Open your local IP in the browser; you will see a page asking you to change the password for the root user.
Set a new password and log in to GitLab.

6. Create a new project, for example cicd-test, and initialise it with a README.md file.
7. Now we need to install GitLab Runner: the agent that will execute all the required operations on request.
Download the latest release (in this case, for 64-bit Linux):

sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64

8. Make it executable:

sudo chmod +x /usr/local/bin/gitlab-runner

9. Add an OS user for the Runner and start the service:

sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start

It should look like this:

local@osboxes:~$ sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
Runtime platform arch=amd64 os=linux pid=8438 revision=0e5417a3 version=12.0.1
local@osboxes:~$ sudo gitlab-runner start
Runtime platform arch=amd64 os=linux pid=8518 revision=0e5417a3 version=12.0.1

10. Now we register the Runner so that it can interact with our GitLab instance.
To do this, open the Settings > CI/CD page (http://OUR_IP_ADDRESS/root/cicd-test/-/settings/ci_cd) and on the Runners tab find the URL and the Registration token.
11. Register the Runner, substituting the URL and Registration token:

sudo gitlab-runner register \
--non-interactive \
--url "http://<URL>/" \
--registration-token "<Registration Token>" \
--executor "docker" \
--docker-privileged \
--docker-image alpine:latest \
--description "docker-runner" \
--tag-list "docker,privileged" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected"

As a result we have a working GitLab, to which we now need to add the commands that start our utilities. In this demo there are no steps for building and containerizing the application, but in a real environment they would precede the scanning steps and produce the images and Dockerfile for analysis.

Configuring the pipeline

1. Add to the repository the file mydockerfile.df (the test Dockerfile we are going to check) and the GitLab CI/CD configuration file .gitlab-ci.yml, which lists the instructions for the Runner (note the dot in the file name).

The YAML configuration file contains instructions for running the three utilities (Hadolint, Dockle and Trivy), which will scan the chosen Dockerfile and the image specified in the DOCKERIMAGE variable. All the necessary files can be taken from the repository: https://github.com/Swordfish-Security/docker_cicd/

Example of mydockerfile.df (an abstract file with a set of arbitrary instructions that demonstrate what the utility does). Direct link to the file: mydockerfile.df

Contents of mydockerfile.df

FROM amd64/node:10.16.0-alpine@sha256:f59303fb3248e5d992586c76cc83e1d3700f641cbcd7c0067bc7ad5bb2e5b489 AS tsbuild
COPY package.json .
COPY yarn.lock .
RUN yarn install
COPY lib lib
COPY tsconfig.json tsconfig.json
COPY tsconfig.app.json tsconfig.app.json
RUN yarn build
FROM amd64/ubuntu:18.04@sha256:eb70667a801686f914408558660da753cde27192cd036148e58258819b927395
LABEL maintainer="Rhys Arkins <[email protected]>"
LABEL name="renovate"
...
COPY php.ini /usr/local/etc/php/php.ini
RUN cp -a /tmp/piik/* /var/www/html/
RUN rm -rf /tmp/piwik
RUN chown -R www-data /var/www/html
ADD piwik-cli-setup /piwik-cli-setup
ADD reset.php /var/www/html/
## ENTRYPOINT ##
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
USER root

The YAML configuration looks like this (the file itself is available via the direct link here: .gitlab-ci.yml):

Contents of .gitlab-ci.yml

variables:
    DOCKER_HOST: "tcp://docker:2375/"
    DOCKERFILE: "mydockerfile.df" # name of the Dockerfile to analyse   
    DOCKERIMAGE: "bkimminich/juice-shop" # name of the Docker image to analyse
    # DOCKERIMAGE: "knqyf263/cve-2018-11235" # test Docker image with several CRITICAL CVE
    SHOWSTOPPER_PRIORITY: "CRITICAL" # what level of criticality will fail Trivy job
    TRIVYCACHE: "$CI_PROJECT_DIR/.cache" # where to cache Trivy database of vulnerabilities for faster reuse
    ARTIFACT_FOLDER: "$CI_PROJECT_DIR"
 
services:
    - docker:dind # to be able to build docker images inside the Runner
 
stages:
    - scan
    - report
    - publish
 
HadoLint:
    # Basic lint analysis of Dockerfile instructions
    stage: scan
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/hadolint_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/hadolint/hadolint/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 && chmod +x hadolint-Linux-x86_64
     
    # NB: hadolint will always exit with 0 exit code
    - ./hadolint-Linux-x86_64 -f json $DOCKERFILE > $ARTIFACT_FOLDER/hadolint_results.json || exit 0
 
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/hadolint_results.json
 
Dockle:
    # Analysing best practices about docker image (users permissions, instructions followed when image was built, etc.)
    stage: scan   
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/dockle_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/goodwithtech/dockle/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz && tar zxf dockle_${VERSION}_Linux-64bit.tar.gz
    - ./dockle --exit-code 1 -f json --output $ARTIFACT_FOLDER/dockle_results.json $DOCKERIMAGE   
     
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/dockle_results.json
 
Trivy:
    # Analysing docker image and package dependencies against several CVE bases
    stage: scan   
    image: docker:git
 
    script:
    # getting the latest Trivy
    - apk add rpm
    - export VERSION=$(wget -q -O - https://api.github.com/repos/knqyf263/trivy/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz && tar zxf trivy_${VERSION}_Linux-64bit.tar.gz
     
    # displaying all vulnerabilities w/o failing the build
    - ./trivy -d --cache-dir $TRIVYCACHE -f json -o $ARTIFACT_FOLDER/trivy_results.json --exit-code 0 $DOCKERIMAGE    
    
    # write vulnerabilities info to stdout in human readable format (reading pure json is not fun, eh?). You can remove this if you don't need this.
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 0 $DOCKERIMAGE    
 
    # failing the build if the SHOWSTOPPER priority is found
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 1 --severity $SHOWSTOPPER_PRIORITY --quiet $DOCKERIMAGE
         
    artifacts:
        when: always # return artifacts even after job failure
        paths:
        - $ARTIFACT_FOLDER/trivy_results.json
 
    cache:
        paths:
        - .cache
 
Report:
    # combining tools outputs into one HTML
    stage: report
    when: always
    image: python:3.5
     
    script:
    - mkdir json
    - cp $ARTIFACT_FOLDER/*.json ./json/
    - pip install json2html
    - wget https://raw.githubusercontent.com/shad0wrunner/docker_cicd/master/convert_json_results.py
    - python ./convert_json_results.py
     
    artifacts:
        paths:
        - results.html

If needed, you can also scan saved images in the form of a .tar archive (you will, however, need to change the input parameters passed to the utilities in the YAML file).

NB: Trivy requires rpm and git to be installed. Otherwise it will produce errors when scanning RedHat-based images and when fetching updates to the vulnerability database.

2. Once the files are added to the repository, GitLab automatically starts the build and scan process according to the instructions in our configuration file. On the CI/CD → Pipelines tab you can watch the progress of the jobs.

As a result we get four jobs. Three of them deal directly with scanning, and the last one (Report) assembles a simple report from the separate files with the scan results.
By default, Trivy stops execution when CRITICAL vulnerabilities are found in the image or its dependencies. Hadolint, on the other hand, is forced to always return a Success exit code, because it always has remarks, and those would otherwise stop the build.

Depending on your specific requirements, you can configure the exit codes so that when these utilities find problems of a certain severity they also stop the build process. In our case the build stops when Trivy finds a vulnerability of the severity we specified in the SHOWSTOPPER variable in .gitlab-ci.yml.

The result of each utility can be seen in the log of the corresponding scan job, directly in the JSON files in the artifacts section, or in a simple HTML report (more on that below).

3. To present the utilities' findings in a more human-readable form, a small Python script is used that converts the three JSON files into one HTML file with a table of defects.
This script is started by a separate Report job, and its final artifact is an HTML file with the report. The script source is also in the repository and can be adjusted to your needs, colours, and so on.
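The merging step the Report job performs, as an added example rather than the repository's own convert_json_results.py: it flattens Hadolint, Dockle and Trivy JSON into one list of findings, applies the SHOWSTOPPER gate, and renders one HTML table. The three inputs are constructed samples that mirror the tools' JSON shapes at the time of the article (field names such as `level`, `details`, `Vulnerabilities` are assumptions to check against the versions you run), and unlike Trivy's `--severity` list the gate here treats SHOWSTOPPER as an at-or-above threshold.

```python
# Added example (not the article's convert_json_results.py): merge the three tools'
# JSON outputs, apply the SHOWSTOPPER gate, render one HTML table.
import html
import json

# Constructed sample outputs mirroring the tools' JSON shapes (field names assumed).
HADOLINT_JSON = json.dumps([
    {"file": "Dockerfile", "line": 248, "column": 1, "code": "DL3002",
     "level": "warning", "message": "Last USER should not be root"}])
DOCKLE_JSON = json.dumps({
    "summary": {"fatal": 0, "warn": 1, "info": 0, "pass": 10},
    "details": [{"code": "DKL-DI-0006", "title": "Avoid latest tag",
                 "level": "WARN", "alerts": ["Avoid 'latest' tag"]}]})
TRIVY_JSON = json.dumps([
    {"Target": "juice-shop/frontend/package-lock.json",
     "Vulnerabilities": [{"VulnerabilityID": "CVE-2020-15256", "PkgName": "object-path",
                         "InstalledVersion": "0.11.4", "Severity": "HIGH",
                         "Title": "Prototype pollution in object-path"}]}])

# Trivy's severity scale, lowest to highest; Hadolint/Dockle levels are mapped onto it.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
LEVEL_MAP = {"error": "HIGH", "warning": "MEDIUM", "info": "LOW", "style": "LOW",
             "FATAL": "CRITICAL", "WARN": "MEDIUM", "INFO": "LOW", "PASS": "UNKNOWN"}
COLUMNS = ("tool", "id", "severity", "location", "description")


def normalise(hadolint_raw, dockle_raw, trivy_raw):
    """Return one flat list of findings with the same keys for all three tools."""
    findings = []
    for f in json.loads(hadolint_raw):  # list of rule hits, one per Dockerfile line
        findings.append({"tool": "hadolint", "id": f["code"],
                         "severity": LEVEL_MAP.get(f["level"], "UNKNOWN"),
                         "location": f"{f['file']}:{f['line']}", "description": f["message"]})
    for d in json.loads(dockle_raw)["details"]:  # checkpoint hits on the image
        findings.append({"tool": "dockle", "id": d["code"],
                         "severity": LEVEL_MAP.get(d["level"], "UNKNOWN"),
                         "location": "image", "description": "; ".join(d["alerts"])})
    for target in json.loads(trivy_raw):  # one entry per OS or lockfile target
        for v in target.get("Vulnerabilities") or []:  # null when nothing was found
            findings.append({"tool": "trivy", "id": v["VulnerabilityID"],
                             "severity": v.get("Severity", "UNKNOWN"),
                             "location": f"{target['Target']} ({v['PkgName']} {v['InstalledVersion']})",
                             "description": v.get("Title", "")})
    return findings


def should_fail(findings, showstopper="CRITICAL", tool="trivy"):
    """Gate like the pipeline's last Trivy step, but as an at-or-above threshold."""
    threshold = SEVERITY_ORDER.index(showstopper)
    return any(f["tool"] == tool and SEVERITY_ORDER.index(f["severity"]) >= threshold
               for f in findings)


def to_html(findings):
    """Render findings, highest severity first, escaping tool output before it lands in HTML."""
    ordered = sorted(findings, key=lambda f: -SEVERITY_ORDER.index(f["severity"]))
    rows = "".join("<tr>" + "".join(f"<td>{html.escape(str(f[k]))}</td>" for k in COLUMNS)
                   + "</tr>" for f in ordered)
    header = "".join(f"<th>{c.title()}</th>" for c in COLUMNS)
    return f"<table><tr>{header}</tr>{rows}</table>"
```

Writing `to_html(normalise(...))` to results.html and exiting with `should_fail(...)` reproduces the Report job's artifact and the Trivy gate in one place.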

Shell script

The second option suits cases where Docker images need to be checked outside the CI/CD system, or where you want all the instructions in a form that can be run directly on the host. This option is covered by a ready-made shell script that can be run on a clean virtual (or physical) machine. The script performs the same instructions as the gitlab-runner configuration described above.

For the script to run successfully, Docker must be installed on the system and the current user must be a member of the docker group.

The script itself can be found here: docker_sec_check.sh

At the beginning of the file, variables specify which image is to be scanned and which vulnerability severity makes the Trivy utility exit with an error code.

While the script runs, all the utilities are downloaded into the docker_tools directory, the results of their work are placed in docker_tools/json, and the HTML report ends up in the file results.html.

Example of the script's output

~/docker_cicd$ ./docker_sec_check.sh

[+] Setting environment variables
[+] Installing required packages
[+] Preparing necessary directories
[+] Fetching sample Dockerfile
2020-10-20 10:40:00 (45.3 MB/s) - ‘Dockerfile’ saved [8071/8071]
[+] Pulling image to scan
latest: Pulling from bkimminich/juice-shop
[+] Running Hadolint
...
Dockerfile:205 DL3015 Avoid additional packages by specifying `--no-install-recommends`
Dockerfile:248 DL3002 Last USER should not be root
...
[+] Running Dockle
...
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
...
[+] Running Trivy
juice-shop/frontend/package-lock.json
=====================================
Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+---------------------+------------------+----------+---------+-------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY | VERSION |             TITLE       |
+---------------------+------------------+----------+---------+-------------------------+
| object-path         | CVE-2020-15256   | HIGH     | 0.11.4  | Prototype pollution in  |
|                     |                  |          |         | object-path             |
+---------------------+------------------+          +---------+-------------------------+
| tree-kill           | CVE-2019-15599   |          | 1.2.2   | Code Injection          |
+---------------------+------------------+----------+---------+-------------------------+
| webpack-subresource | CVE-2020-15262   | LOW      | 1.4.1   | Unprotected dynamically |
|                     |                  |          |         | loaded chunks           |
+---------------------+------------------+----------+---------+-------------------------+

juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)

...

juice-shop/package-lock.json
============================
Total: 5 (CRITICAL: 5)

...
[+] Removing left-overs
[+] Making the output look pretty
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

A Docker image with all the utilities

As a third alternative, I put together two simple Dockerfiles for building an image with the security utilities. One Dockerfile helps build a kit for scanning an image from a registry; the second (Dockerfile_tar) helps build a kit for scanning a tar file containing an image.

1. Take the Dockerfile and scripts from the repository https://github.com/Swordfish-Security/docker_cicd/tree/master/Dockerfile.
2. Start the build:

docker build -t dscan:image -f docker_security.df .

3. After the build, create a container from the image. At the same time we pass the DOCKERIMAGE environment variable with the name of the image we are interested in, and mount the Dockerfile we want to analyse from our machine to the file /Dockerfile (note that the absolute path to this file is required):

docker run --rm -v $(pwd)/results:/results -v $(pwd)/docker_security.df:/Dockerfile -e DOCKERIMAGE="bkimminich/juice-shop" dscan:image


[+] Setting environment variables
[+] Running Hadolint
/Dockerfile:3 DL3006 Always tag the version of an image explicitly
[+] Running Dockle
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
INFO    - CIS-DI-0006: Add HEALTHCHECK instruction to the container image
        * not found HEALTHCHECK statement
INFO    - DKL-LI-0003: Only put necessary files
        * unnecessary file : juice-shop/node_modules/sqlite3/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm64/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm/Dockerfile
[+] Running Trivy
...
juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)
...
[+] Making the output look pretty
[+] Starting the main module ============================================================
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Conclusion

We looked at only one set of utilities for scanning Docker artifacts, which, in my opinion, covers a fairly good share of the security requirements for images. There is also a large number of paid and free tools that can perform similar checks, draw nice reports or work purely in console mode, cover container management systems, and so on.

The nice thing about the set of tools described in this article is that they are all open source, so you can experiment with them and with other similar tools to find what fits your requirements and infrastructure. Of course, every vulnerability found should be examined for applicability in your specific conditions, but that is a topic for a large future article.

I hope this guide, the scripts and the utilities help you and become a starting point for building a more secure infrastructure in the area of containerization.

Source: www.habr.com