install trivy via apt #3

Merged
merged 1 commit into from
Dec 17, 2023
11 changes: 8 additions & 3 deletions copilot/pipelines/react-app-pipeline/buildspec.yml
Expand Up @@ -8,8 +8,13 @@ phases:
# Download the copilot linux binary.
- wget -q https://ecs-cli-v2-release.s3.amazonaws.com/copilot-linux-v1.32.0 -O copilot-linux
- chmod +x ./copilot-linux
# Download trivy.
- docker pull ghcr.io/aquasecurity/trivy:canary
# Download trivy. https://aquasecurity.github.io/trivy/v0.48/getting-started/installation/
- apt-get install wget apt-transport-https gnupg lsb-release
- wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
- echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
- apt-get update
- apt-get install trivy

build:
commands:
- echo "Run your tests"
Expand Down Expand Up @@ -66,7 +71,7 @@ phases:
done;
- ls -lah ./infrastructure
# Run trivy scan on the docker images.
- docker run --rm -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/aquasecurity/trivy:canary image --vuln-type os --no-progress --format table -o container-scanning-report.txt --severity CRITICAL,HIGH $(jq -r '.services[].image' ./infrastructure/manifest.json)
- trivy image --vuln-type os --no-progress --format table -o container-scanning-report.txt --severity CRITICAL,HIGH $(jq -r '.services[].image' ./infrastructure/manifest.json)
- cat container-scanning-report.txt
artifacts:
files:
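Review bot: The two `apt-get install` lines added to the install phase have no `-y` and no version pin, so the scanner version can change between builds without any change to this file, and the install may abort if apt asks for confirmation in the non-interactive build shell. I would write `apt-get install -y wget apt-transport-https gnupg lsb-release` and `apt-get install -y trivy=<PINNED_VERSION>` (placeholder; the added comment links the v0.48 docs). The repository signing key is downloaded at build time and trusted as received; comparing its fingerprint with a value kept in this repository before writing `/usr/share/keyrings/trivy.gpg` would catch a replaced key. The `sudo tee` calls also sit next to `apt-get` calls without `sudo`, so presumably one of the two conventions is unnecessary in this build image.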
4 changes: 2 additions & 2 deletions docker_test.sh
Expand Up @@ -7,8 +7,8 @@
# Author: Ryosuke Tomita
# Date: 2023/12/06
##########################################################################
#docker rmi react-app:latest -f
docker rmi react-app:latest -f
docker build -t react-app:latest . --no-cache
docker run --rm -p 8080:80 react-app:latest # -p containerport:localport
docker run -p 80:8080 react-app:latest # -p localport:containerport

# open your browser and go to `localhost:80`.
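Review bot: `docker run -p 80:8080 react-app:latest` publishes the test container on every host interface, and the new line also drops `--rm`, so each run leaves a stopped container that the re-enabled `docker rmi react-app:latest -f` then has to force past. For a local smoke test I would bind to loopback and keep the cleanup: `docker run --rm -p 127.0.0.1:80:8080 react-app:latest # -p localport:containerport`. The switch from `8080:80` to `80:8080` assumes the image now listens on 8080, which is not visible in this hunk; the start of the script is also outside it.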
80 changes: 0 additions & 80 deletions sca-report.sarif

This file was deleted.