Methods and examples of using Docker security scanning tools

Hello Habr!

Indeed, given the growing role of containerisation in development processes, the question of securing the various stages and entities associated with containers is by no means a minor one. Manual checking is time-consuming, so it makes sense to take at least the first steps towards automating this process.

In this article I will share ready-made scripts for running several Docker security tools, together with instructions for deploying a small demo stand on which to try the process out. You can use the materials to experiment with how to organise security checks of images and Dockerfile instructions. Obviously, everyone's development and deployment infrastructure is different, so below I will give a few possible options.

Security scanning tools

There is a large number of helper applications and scripts that check various aspects of a Docker infrastructure. Some of them were already described in a previous article (https://habr.com/ru/company/swordfish_security/blog/518758/#docker-security); in this piece I would like to focus on three of them, which together cover the bulk of the security requirements for Docker images built during development. In addition, I will show an example of how these three tools can be linked into a single pipeline to perform the security checks.

Hadolint
https://github.com/hadolint/hadolint

A simple console utility that helps, as a first approximation, to assess the correctness and security of Dockerfile instructions (for example, that only authorised image registries are used, or that sudo is not used).


Dockle
https://github.com/goodwithtech/dockle

A console utility that works with an image (or with a saved tar archive of an image) and checks the correctness and security of that particular image as such, analysing its layers and configuration: which users are created, which instructions are used, which volumes are mounted, whether an empty password is present, etc. So far the number of checks is not very large; it is based on several of the tool's own checks and on the recommendations of the CIS (Center for Internet Security) Benchmark for Docker.

Trivy
https://github.com/aquasecurity/trivy

This tool is designed to find two kinds of vulnerabilities: problems in OS packages (Alpine, RedHat (EL), CentOS, Debian GNU and Ubuntu based images) and problems in application dependencies (Gemfile.lock, Pipfile.lock, composer.lock, package-lock.json, yarn.lock, cargo.lock). Trivy can scan both an image in a registry and a local image, and it can also scan a supplied .tar file containing a Docker image.


Options for using the tools

To try the described tools out in an isolated environment, I will give instructions for installing all of them in a somewhat simplified procedure.

The main idea is to demonstrate how you can implement automated verification of the Dockerfiles and Docker images created during development.

The check itself consists of the following steps:

  1. Checking the correctness and security of the Dockerfile instructions with the Hadolint linter
  2. Checking the correctness and security of the final and intermediate images with the Dockle utility
  3. Checking the base image and a number of dependencies for publicly known vulnerabilities (CVE) with the Trivy utility

Later in the article I will give three options for implementing these steps:
The first is configuring a CI/CD pipeline, using GitLab as the example (including a description of how to bring up a test instance).
The second uses a shell script.
The third involves building a Docker image for scanning Docker images.
You can choose the option that suits you best, transfer it to your infrastructure and adapt it to your needs.

All the required files and additional instructions are also available in the repository: https://github.com/Swordfish-Security/docker_cicd

Integration into GitLab CI/CD

In the first option we will look at how the security checks can be implemented using the GitLab repository system as an example. We will walk through the steps of installing a test environment with GitLab from scratch, creating a scanning process and running the tools against a test Dockerfile and an arbitrary image, the JuiceShop application.

Installing GitLab
1. Install Docker:

sudo apt-get update && sudo apt-get install docker.io

2. Add the current user to the docker group so that you can work with docker without sudo (log out and back in for the change to take effect):

sudo usermod -aG docker <username>

3. Find out your IP address:

ip addr

4. Install and start GitLab in a container, replacing the IP address in the hostname with your own:

docker run --detach \
--hostname 192.168.1.112 \
--publish 443:443 --publish 80:80 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest

Wait until GitLab finishes all the required installation procedures (you can follow the progress in the log output: docker logs -f gitlab).

5. Open your local IP address in a browser; you will see a page asking you to change the root user's password:
Set a new password and log in to GitLab.

6. Create a new project, for example cicd-test, and initialise it with an initial README.md file:
7. Now we need to install GitLab Runner: the agent that will run all the required jobs on request.
Download the latest version (in this case, for 64-bit Linux):

sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64

8. Make it executable:

sudo chmod +x /usr/local/bin/gitlab-runner

9. Add an OS user for the Runner and start the service:

sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start

It should look something like this:

local@osboxes:~$ sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
Runtime platform arch=amd64 os=linux pid=8438 revision=0e5417a3 version=12.0.1
local@osboxes:~$ sudo gitlab-runner start
Runtime platform arch=amd64 os=linux pid=8518 revision=0e5417a3 version=12.0.1

10. Now we register the Runner so that it can interact with our GitLab instance.
To do this, open the Settings - CI/CD page (http://OUR_IP_ADDRESS/root/cicd-test/-/settings/ci_cd) and, on the Runners tab, find the URL and the Registration token:
11. Register the Runner, substituting the URL and the Registration token:

sudo gitlab-runner register \
--non-interactive \
--url "http://<URL>/" \
--registration-token "<Registration Token>" \
--executor "docker" \
--docker-privileged \
--docker-image alpine:latest \
--description "docker-runner" \
--tag-list "docker,privileged" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected"

As a result we have a working GitLab, to which we now need to add the commands that launch our tools. This demo has no steps for building the application and packaging it into a container, but in a real environment those steps would precede the scanning steps and would produce the images and the Dockerfile to be analysed.

Pipeline configuration

1. Add to the repository the file mydockerfile.df (the test Dockerfile that we will check) and the GitLab CI/CD configuration file .gitlab-ci.yml, which lists the instructions for the scanners (note the leading dot in the file name).

The YAML configuration file contains instructions for running the three tools (Hadolint, Dockle and Trivy), which analyse the selected Dockerfile and the image named in the DOCKERIMAGE variable. All the required files can be taken from the repository: https://github.com/Swordfish-Security/docker_cicd/

Excerpt from mydockerfile.df (this is a fictitious file with a set of bad instructions, intended only to demonstrate the tools at work). Direct link to the file: mydockerfile.df

Contents of mydockerfile.df

FROM amd64/node:10.16.0-alpine@sha256:f59303fb3248e5d992586c76cc83e1d3700f641cbcd7c0067bc7ad5bb2e5b489 AS tsbuild
COPY package.json .
COPY yarn.lock .
RUN yarn install
COPY lib lib
COPY tsconfig.json tsconfig.json
COPY tsconfig.app.json tsconfig.app.json
RUN yarn build
FROM amd64/ubuntu:18.04@sha256:eb70667a801686f914408558660da753cde27192cd036148e58258819b927395
LABEL maintainer="Rhys Arkins <[email protected]>"
LABEL name="renovate"
...
COPY php.ini /usr/local/etc/php/php.ini
RUN cp -a /tmp/piik/* /var/www/html/
RUN rm -rf /tmp/piwik
RUN chown -R www-data /var/www/html
ADD piwik-cli-setup /piwik-cli-setup
ADD reset.php /var/www/html/
## ENTRYPOINT ##
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
USER root

The YAML configuration looks like this (the file itself is available via the direct link here: .gitlab-ci.yml):

Contents of .gitlab-ci.yml

variables:
    DOCKER_HOST: "tcp://docker:2375/"
    DOCKERFILE: "mydockerfile.df" # name of the Dockerfile to analyse   
    DOCKERIMAGE: "bkimminich/juice-shop" # name of the Docker image to analyse
    # DOCKERIMAGE: "knqyf263/cve-2018-11235" # test Docker image with several CRITICAL CVE
    SHOWSTOPPER_PRIORITY: "CRITICAL" # what level of criticality will fail Trivy job
    TRIVYCACHE: "$CI_PROJECT_DIR/.cache" # where to cache Trivy database of vulnerabilities for faster reuse
    ARTIFACT_FOLDER: "$CI_PROJECT_DIR"
 
services:
    - docker:dind # to be able to build docker images inside the Runner
 
stages:
    - scan
    - report
    - publish
 
HadoLint:
    # Basic lint analysis of Dockerfile instructions
    stage: scan
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/hadolint_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/hadolint/hadolint/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 && chmod +x hadolint-Linux-x86_64
     
    # NB: hadolint will always exit with 0 exit code
    - ./hadolint-Linux-x86_64 -f json $DOCKERFILE > $ARTIFACT_FOLDER/hadolint_results.json || exit 0
 
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/hadolint_results.json
 
Dockle:
    # Analysing best practices about docker image (users permissions, instructions followed when image was built, etc.)
    stage: scan   
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/dockle_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/goodwithtech/dockle/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz && tar zxf dockle_${VERSION}_Linux-64bit.tar.gz
    - ./dockle --exit-code 1 -f json --output $ARTIFACT_FOLDER/dockle_results.json $DOCKERIMAGE   
     
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/dockle_results.json
 
Trivy:
    # Analysing docker image and package dependencies against several CVE bases
    stage: scan   
    image: docker:git
 
    script:
    # getting the latest Trivy
    - apk add rpm
    - export VERSION=$(wget -q -O - https://api.github.com/repos/knqyf263/trivy/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz && tar zxf trivy_${VERSION}_Linux-64bit.tar.gz
     
    # displaying all vulnerabilities w/o failing the build
    - ./trivy -d --cache-dir $TRIVYCACHE -f json -o $ARTIFACT_FOLDER/trivy_results.json --exit-code 0 $DOCKERIMAGE    
    
    # write vulnerabilities info to stdout in human readable format (reading pure json is not fun, eh?). You can remove this if you don't need this.
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 0 $DOCKERIMAGE    
 
    # failing the build if the SHOWSTOPPER priority is found
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 1 --severity $SHOWSTOPPER_PRIORITY --quiet $DOCKERIMAGE
         
    artifacts:
        when: always # return artifacts even after job failure
        paths:
        - $ARTIFACT_FOLDER/trivy_results.json
 
    cache:
        paths:
        - .cache
 
Report:
    # combining tools outputs into one HTML
    stage: report
    when: always
    image: python:3.5
     
    script:
    - mkdir json
    - cp $ARTIFACT_FOLDER/*.json ./json/
    - pip install json2html
    - wget https://raw.githubusercontent.com/shad0wrunner/docker_cicd/master/convert_json_results.py
    - python ./convert_json_results.py
     
    artifacts:
        paths:
        - results.html

If necessary, you can also scan images saved as a .tar archive (you will, however, need to change the tools' input parameters in the YAML file).

NOTE: Trivy requires rpm and Git to be installed. Without them it produces errors when scanning RedHat-based images and when fetching updates of the vulnerability database.

2. Once the files have been added to the repository, GitLab automatically starts the build and scan process according to the instructions in our configuration file. The progress of the jobs can be followed on the CI/CD → Pipelines tab.

As a result we have four jobs. Three of them perform the scanning itself, and the last one (Report) assembles a simple report from the scattered files with the scan results.
By default, Trivy stops the job if CRITICAL vulnerabilities are found in the image or in its dependencies. Hadolint, on the other hand, is forced to always return a success code, because it always produces remarks and those would otherwise stop the build.

Depending on your requirements, you can configure the exit codes so that these tools also stop the build when they find problems of a given criticality. In our case the build stops only if Trivy finds a vulnerability of the severity specified in the SHOWSTOPPER_PRIORITY variable in .gitlab-ci.yml.

The result of each tool can be viewed in the log of the corresponding scan job, directly in the JSON files in the artifacts section, or in a simple HTML report (more on that below):

3. To present the tools' reports in a more human-readable form, a small Python script converts the three JSON files into a single HTML file with a table of findings.
This script is run by the separate Report job, whose final artifact is the HTML file with the report. The script source is also kept in the repository and can be adapted to your needs (columns, colours, etc.).
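As an added illustration (not the article's convert_json_results.py or any other code from the repository), here is a Python gate that reads the three JSON artifacts produced by the scan jobs, normalises them into one list of findings and reproduces the build decision described above (Hadolint never fails the build, Trivy fails it at SHOWSTOPPER_PRIORITY, Dockle optionally at its exit level). The JSON field names assumed for each tool are noted in the docstrings, and the sample inputs are constructed, not real scan output.

```python
import json

# Trivy's severity scale is the common ranking; Hadolint and Dockle levels are
# mapped onto it (the mapping is this example's choice, not the tools').
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
HADOLINT_LEVELS = {"error": "HIGH", "warning": "MEDIUM", "info": "LOW", "style": "LOW"}
DOCKLE_LEVELS = {"FATAL": "CRITICAL", "WARN": "MEDIUM", "INFO": "LOW"}
DOCKLE_RANK = {"INFO": 0, "WARN": 1, "FATAL": 2}

def hadolint_findings(doc):
    """hadolint -f json: flat list of {file, line, code, level, message} (assumed shape)."""
    return [{"tool": "hadolint", "id": r["code"], "level": r["level"],
             "severity": HADOLINT_LEVELS.get(r["level"], "UNKNOWN"),
             "where": f"{r['file']}:{r['line']}", "title": r["message"]} for r in doc]

def dockle_findings(doc):
    """dockle -f json: {summary, details: [{code, title, level, alerts}]} (assumed shape)."""
    return [{"tool": "dockle", "id": d["code"], "level": d["level"],
             "severity": DOCKLE_LEVELS.get(d["level"], "UNKNOWN"),
             "where": "image", "title": d["title"]} for d in doc.get("details", [])]

def trivy_findings(doc):
    """trivy -f json: a list of targets (older releases) or {"Results": [...]} (newer);
    a target's Vulnerabilities is null when it is clean (assumed shape)."""
    targets = doc["Results"] if isinstance(doc, dict) else doc
    return [{"tool": "trivy", "id": v["VulnerabilityID"], "level": v.get("Severity", "UNKNOWN"),
             "severity": v.get("Severity", "UNKNOWN"), "title": v.get("Title", ""),
             "where": f"{t['Target']} ({v['PkgName']} {v['InstalledVersion']})"}
            for t in targets for v in (t.get("Vulnerabilities") or [])]

def gate(findings, showstopper="CRITICAL", dockle_exit_level=None):
    """Mirror the pipeline's exit codes: Hadolint never fails the build (`|| exit 0`),
    Trivy fails it at SHOWSTOPPER_PRIORITY or above, Dockle only when dockle_exit_level
    is given (what its --exit-code 1 does). Returns (fail, counts per (tool, severity))."""
    counts = {}
    for f in findings:
        counts[(f["tool"], f["severity"])] = counts.get((f["tool"], f["severity"]), 0) + 1
    trivy_hit = any(f["tool"] == "trivy" and SEVERITY_RANK.get(f["severity"], 0)
                    >= SEVERITY_RANK[showstopper] for f in findings)
    dockle_hit = dockle_exit_level is not None and any(
        f["tool"] == "dockle" and DOCKLE_RANK[f["level"]] >= DOCKLE_RANK[dockle_exit_level]
        for f in findings)
    return trivy_hit or dockle_hit, counts

def evaluate(hadolint_json, dockle_json, trivy_json, showstopper="CRITICAL", dockle_exit_level=None):
    """Parse the text of the three artifact files and apply the gate."""
    findings = (hadolint_findings(json.loads(hadolint_json)) + dockle_findings(json.loads(dockle_json))
                + trivy_findings(json.loads(trivy_json)))
    fail, counts = gate(findings, showstopper, dockle_exit_level)
    return {"findings": findings, "fail": fail, "counts": counts}

# Constructed sample outputs shaped like the pipeline's artifact files (not real scan results).
HADOLINT_JSON = json.dumps([{"file": "Dockerfile", "line": 248, "column": 1, "code": "DL3002",
                             "level": "warning", "message": "Last USER should not be root"}])
DOCKLE_JSON = json.dumps({"summary": {"fatal": 0, "warn": 1, "info": 1, "skip": 0, "pass": 12},
                          "details": [{"code": "DKL-DI-0006", "title": "Avoid latest tag",
                                       "level": "WARN", "alerts": ["Avoid 'latest' tag"]},
                                      {"code": "CIS-DI-0005", "title": "Enable Content trust for Docker",
                                       "level": "INFO", "alerts": ["export DOCKER_CONTENT_TRUST=1"]}]})
TRIVY_JSON = json.dumps([{"Target": "juice-shop/frontend/package-lock.json", "Type": "npm",
                          "Vulnerabilities": [{"VulnerabilityID": "CVE-2020-15256", "PkgName": "object-path",
                                               "InstalledVersion": "0.11.4", "Severity": "HIGH",
                                               "Title": "Prototype pollution in object-path"}]},
                         {"Target": "bkimminich/juice-shop (alpine)", "Type": "alpine", "Vulnerabilities": None}])

if __name__ == "__main__":
    result = evaluate(HADOLINT_JSON, DOCKLE_JSON, TRIVY_JSON)
    for f in result["findings"]:
        print(f"{f['tool']:9}{f['severity']:9}{f['id']:15}{f['where']}: {f['title']}")
    print("fails at CRITICAL:", result["fail"], "| at HIGH:", evaluate(HADOLINT_JSON, DOCKLE_JSON, TRIVY_JSON, "HIGH")["fail"])
```

With the sample data the build passes at the default CRITICAL threshold and fails once SHOWSTOPPER_PRIORITY is lowered to HIGH, or once Dockle's WARN level is made blocking.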

Shell script

The second option suits cases where you need to check Docker images outside a CI/CD system, or want all the instructions in a form that can be executed directly on the host. It is covered by a ready-made shell script that can be run on a clean virtual (or physical) machine. The script executes the same instructions as the gitlab-runner configuration described above.

For the script to run successfully, Docker must be installed on the system and the current user must be a member of the docker group.

The script itself can be found here: docker_sec_check.sh

At the beginning of the file, variables define which image is to be scanned and which severity levels will make Trivy exit with the specified error code.

While the script runs, all the tools are downloaded into the docker_tools directory, their results are written to the docker_tools/json directory, and the HTML report ends up in the results.html file.

Example script output

~/docker_cicd$ ./docker_sec_check.sh

[+] Setting environment variables
[+] Installing required packages
[+] Preparing necessary directories
[+] Fetching sample Dockerfile
2020-10-20 10:40:00 (45.3 MB/s) - ‘Dockerfile’ saved [8071/8071]
[+] Pulling image to scan
latest: Pulling from bkimminich/juice-shop
[+] Running Hadolint
...
Dockerfile:205 DL3015 Avoid additional packages by specifying `--no-install-recommends`
Dockerfile:248 DL3002 Last USER should not be root
...
[+] Running Dockle
...
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
...
[+] Running Trivy
juice-shop/frontend/package-lock.json
=====================================
Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+---------------------+------------------+----------+---------+-------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY | VERSION |             TITLE       |
+---------------------+------------------+----------+---------+-------------------------+
| object-path         | CVE-2020-15256   | HIGH     | 0.11.4  | Prototype pollution in  |
|                     |                  |          |         | object-path             |
+---------------------+------------------+          +---------+-------------------------+
| tree-kill           | CVE-2019-15599   |          | 1.2.2   | Code Injection          |
+---------------------+------------------+----------+---------+-------------------------+
| webpack-subresource | CVE-2020-15262   | LOW      | 1.4.1   | Unprotected dynamically |
|                     |                  |          |         | loaded chunks           |
+---------------------+------------------+----------+---------+-------------------------+

juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)

...

juice-shop/package-lock.json
============================
Total: 5 (CRITICAL: 5)

...
[+] Removing left-overs
[+] Making the output look pretty
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Docker image with all the tools

As a third option, I have put together two simple Dockerfiles that build an image containing the security tools. One Dockerfile builds a set for scanning an image from a registry; the second (Dockerfile_tar) builds a set for scanning a tar file containing an image.

1. Take the corresponding Dockerfile and scripts from the repository: https://github.com/Swordfish-Security/docker_cicd/tree/master/Dockerfile.
2. Start the build:

docker build -t dscan:image -f docker_security.df .

3. Once the build is complete, we create a container from the image. At the same time we pass the DOCKERIMAGE environment variable with the name of the image of interest and mount the Dockerfile we want to analyse from our machine onto the file /Dockerfile (note that an absolute path to this file is required):

docker run --rm -v $(pwd)/results:/results -v $(pwd)/docker_security.df:/Dockerfile -e DOCKERIMAGE="bkimminich/juice-shop" dscan:image


[+] Setting environment variables
[+] Running Hadolint
/Dockerfile:3 DL3006 Always tag the version of an image explicitly
[+] Running Dockle
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
INFO    - CIS-DI-0006: Add HEALTHCHECK instruction to the container image
        * not found HEALTHCHECK statement
INFO    - DKL-LI-0003: Only put necessary files
        * unnecessary file : juice-shop/node_modules/sqlite3/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm64/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm/Dockerfile
[+] Running Trivy
...
juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)
...
[+] Making the output look pretty
[+] Starting the main module ============================================================
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Results

We have looked at only one basic set of tools for scanning Docker artifacts, which, in my opinion, covers a decent share of the image security requirements quite effectively. There are also many paid and free tools that can perform the same checks, draw nice reports or work only in console mode, cover container management systems, etc. An overview of those tools and how to integrate them may appear later.

The good thing about the toolset described in this article is that it is all open source, so you can experiment with it and with similar tools to find what suits your needs and infrastructure. Of course, every vulnerability found should be studied for its applicability in your specific conditions, but that is a topic for a future, larger article.

I hope this guide, the scripts and the tools will help you and become a starting point for building a more secure infrastructure in the area of containerisation.

Source: www.habr.com
