From 8a830bfdb46a44a5ef2f4e95a9902f33cbe7205f Mon Sep 17 00:00:00 2001 From: raziel007 Date: Sat, 28 Sep 2024 15:08:33 +0100 Subject: [PATCH 1/3] Create deploy-and-scan.yml --- .github/workflows/deploy-and-scan.yml | 51 +++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/deploy-and-scan.yml diff --git a/.github/workflows/deploy-and-scan.yml b/.github/workflows/deploy-and-scan.yml new file mode 100644 index 0000000..32ccca6 --- /dev/null +++ b/.github/workflows/deploy-and-scan.yml @@ -0,0 +1,51 @@ +name: Deploy and Scan + +on: + push: + branches: + - main + +jobs: + deploy-and-scan: + name: Pull Docker Image and SCA Scan + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Pull Docker Image + run: docker pull your-docker-image-name + + - name: Install Trivy + run: | + curl -sfL https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - + echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update && sudo apt-get install -yq trivy + + build: + name: Image Scan + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Run Trivy vulnerability scanner in fs mode + uses: aquasecurity/trivy-action@master + with: + scan-type: 'image' + scanners: 'vuln' + image-ref: your-docker-image-name + scan-ref: '.' + hide-progress: false + format: 'table' + ignore-unfixed: true From de084d6d7d44109ed514c0de1daf5ff609795296 Mon Sep 17 00:00:00 2001 From: raziel007 Date: Sat, 28 Sep 2024 17:03:31 +0100 Subject: [PATCH 2/3] sca-scan-project-3.yml --- .github/workflows/sca-scan-project-3.yml | 37 ++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/sca-scan-project-3.yml diff --git a/.github/workflows/sca-scan-project-3.yml b/.github/workflows/sca-scan-project-3.yml new file mode 100644 index 0000000..4d7f915 --- /dev/null +++ b/.github/workflows/sca-scan-project-3.yml @@ -0,0 +1,37 @@ +name: SCA Scan Project 3 + +on: + push: + branches: + - main + +jobs: + deploy-and-scan: + name: Pull Docker Image and SCA Scan + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Pull Docker Image + run: docker pull ${{ secrets.DOCKER_IMAGE }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ secrets.DOCKER_IMAGE }} + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' From bfbfccfc112c7bd1721d0efcf04502d91544c5fc Mon Sep 17 00:00:00 2001 From: Raziel007 Date: Sat, 28 Sep 2024 17:20:47 +0100 Subject: [PATCH 3/3] 2nd Ammendment --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 26ce363..2fe57b7 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ information about this subject or to be working. In fact, the website is quite s Vulnerable-Web-Application categorically includes Command Execution, File Inclusion, File Upload, SQL and XSS. For database-requiring categories, it creates a database under localhost with one button during setup. In case of corrupted or changed databases, you can -create a database again. +create a database again ## Installation Guide