Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Rajat <[email protected]>
Showing 14 changed files with 591 additions and 148 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
opt/nifi/nifi-current/licenses |
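Review bot: The single entry `opt/nifi/nifi-current/licenses` has no leading slash, while every other reference to this tree in the commit is absolute (`/opt/nifi/nifi-current/bin/nifi.sh`, `/opt/nifi/nifi-current/logs/nifi-app.log`). If entries in this file are matched against absolute paths inside the image, this one will not match; either write it as `/opt/nifi/nifi-current/licenses` or add a comment stating the path format the file expects.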
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
<a href="https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=rapidfort_logo"> | ||
<img src="https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo.png" alt="RapidFort" width="200" /> | ||
</a> | ||
|
||
<br> | ||
|
||
[![rf-h][rf-h-badge]][rf-view-report-button] | ||
[![DH Image][dh-rf-badge]][rf-dh-image-link] | ||
[![Slack][slack-badge]][slack-link] | ||
[![FOSSA Status][fossa-badge]][fossa-link] | ||
|
||
# RapidFort hardened image for Apache Nifi IronBank | ||
|
||
RapidFort’s container optimization process hardened this Apache Nifi IronBank container. This container is free to use and has no license limitations. | ||
|
||
It is the same as the [Platform One Apache Nifi IronBank][source-image-repo-link] image but more secure. | ||
|
||
Every day, we optimize and harden a variety of Docker Hub’s most famous images. Check out our [entire library](https://hub.docker.com/u/rapidfort) of secured containers. | ||
<br> | ||
|
||
[Get the full report here or click on the image below][rf-view-report-link] | ||
|
||
[![Metrics][metrics-link]][rf-image-metrics-link] | ||
|
||
<h2> Vulnerabilities: Original vs. Hardened | ||
|
||
</h2> | ||
|
||
[![CVE Reduction][cve-reduction-link]][rf-image-cve-reduction-link] | ||
|
||
<a href="https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=get_full_report_button"> | ||
<img align="center" src="https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_button_3.svg" alt="View Report" height="50" /> | ||
</a> | ||
<br> | ||
<br> | ||
|
||
|
||
## What is Apache Nifi IronBank? | ||
|
||
> NiFi is an easy to use, powerful, and reliable system to process and distribute data. | ||
|
||
[Overview of Apache Nifi IronBank](https://nifi.apache.org) | ||
|
||
Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. | ||
|
||
|
||
## How do I use this hardened Apache Nifi IronBank image? | ||
|
||
The runtime instructions for this container are no different from the official release. Follow the instructions in their readme, but use our hardened image. | ||
|
||
<a href="https://repo1.dso.mil/dsop/opensource/apache/nifi/-/blob/development/README.md"> | ||
<img align="center" src="https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/view_detailed_instructions_button.svg" alt="View Detailed Instructions" height="50" /> | ||
</a> | ||
<br> | ||
<br> | ||
|
||
```sh | ||
# Using docker run: | ||
$ docker run -it --name my-nifi -p 8080:80 rapidfort/nifi-ib | ||
# PWD can be replaced with the directory containing all your HTML. | ||
|
||
``` | ||
|
||
## What is a hardened image? | ||
|
||
A hardened image is a copy of a container that has been optimized and reduced for significantly improved security. Because every container uses many open-source software components and their dependencies, there’s a lot of extra weight that can be trimmed. | ||
|
||
This image is a hardened version of the official [Platform One Apache Nifi IronBank][source-image-repo-link] image on Docker Hub. | ||
|
||
RapidFort is an industry-leading container optimization solution that minimizes software attack surfaces by removing unused code. Most containers can be reduced by at least 50%, which reduces the opportunity for malicious attacks and CVE exploits. Learn more at [RapidFort.com][rf-link]. | ||
|
||
Our hardened images are updated daily using the latest vulnerability information available. | ||
|
||
<a href="https://github.com/rapidfort/community-images/tree/main/community_images/nif/ironbank"> | ||
<img align="center" src="https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/view_on_github_button.svg" alt="View on GitHub" height="50" /> | ||
</a> | ||
<br> | ||
<br> | ||
|
||
## What’s the difference between the official [Platform One Apache Nifi IronBank][source-image-repo-link] image and this hardened image? | ||
RapidFort’s hardened [rapidfort/nifi-ib][rf-dh-image-link] image has been optimized by our proprietary scanning and slimming technology. We are big fans of open-source software, containerized infrastructure, and security. | ||
|
||
We are making secure copies of the images we use every day and the most popular ones on Docker Hub. We want to make the world a safer place to operate. | ||
|
||
## Supported tags and respective `Dockerfile` links | ||
|
||
## Need support | ||
|
||
Join our slack community for any questions. | ||
|
||
<a href="https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q"> | ||
<img src="https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_banner.png" alt="RapidFort Community Slack" width="600" /> | ||
</a> | ||
|
||
## 🌟 Support this project | ||
|
||
[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) | ||
|
||
### [⏫⭐️ Scroll to the star button](#start-of-content) | ||
|
||
If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) | ||
have. | ||
|
||
## Have questions? | ||
|
||
[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-rapidfort-footer-logo-link] | ||
|
||
|
||
If you'd like to learn more about RapidFort or our container optimization process, visit [RapidFort.com][rf-link]. | ||
|
||
<br> | ||
<br> | ||
|
||
|
||
[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker | ||
|
||
[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield | ||
[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield | ||
|
||
[rf-link]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=rapidfort_have_questions | ||
|
||
[rf-rapidfort-footer-logo-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=rapidfort_footer_logo | ||
[rf-view-report-button]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=view_report_button | ||
[rf-view-report-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=view_report_link | ||
[rf-image-metrics-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=image_metrics_link | ||
[rf-image-cve-reduction-link]: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term=nifi-ib&utm_content=image_cve_reduction_link | ||
|
||
[dh-img-size-badge]: https://img.shields.io/docker/image-size/rapidfort/nifi-ib?logo=docker&logoColor=white&sort=semver | ||
[dh-img-pulls-badge]: https://img.shields.io/docker/pulls/rapidfort/nifi-ib?logo=docker&logoColor=white | ||
|
||
[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B | ||
[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q | ||
|
||
[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo=data:image/png;base64,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 | ||
[metrics-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nif/ironbank/assets/metrics.webp | ||
[cve-reduction-link]: https://github.com/rapidfort/community-images/raw/main/community_images/nif/ironbank/assets/cve_reduction.webp | ||
|
||
[source-image-repo-link]: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fnifi | ||
[rf-dh-image-link]: https://hub.docker.com/r/rapidfort/nifi-ib |
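Review bot: In the "What is a hardened image?" section the README calls the source the official image "on Docker Hub", but `[source-image-repo-link]` resolves to `registry1.dso.mil`, so the sentence misstates where the base image comes from; reword it to name the Iron Bank registry. The heading "Supported tags and respective `Dockerfile` links" has no body and should be filled in or dropped, and the reference definitions `[dh-img-size-badge]` and `[dh-img-pulls-badge]` are never used anywhere in the file.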
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/bin/bash | ||
|
||
set -x | ||
set -e | ||
|
||
SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" | ||
|
||
# shellcheck disable=SC1091 | ||
. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh | ||
|
||
JSON_PARAMS="$1" | ||
|
||
JSON=$(cat "$JSON_PARAMS") | ||
|
||
echo "Json params for docker compose coverage = $JSON" | ||
|
||
PROJECT_NAME=$(jq -r '.project_name' < "$JSON_PARAMS") | ||
|
||
CONTAINER_NAME="${PROJECT_NAME}"-nifi-1 | ||
sleep 10 | ||
|
||
# Start the NiFi template | ||
docker exec -i "${CONTAINER_NAME}" /opt/nifi/nifi-current/bin/nifi.sh nifi start -f /tmp/test-template.xml | ||
# Wait for the data flow to process some data | ||
sleep 60 | ||
|
||
docker exec -i "${CONTAINER_NAME}" /opt/nifi/nifi-current/bin/nifi.sh nifi pg-list | ||
docker exec -i "${CONTAINER_NAME}" /opt/nifi/nifi-current/bin/nifi.sh nifi status |
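Review bot: The three `docker exec` calls pass `nifi start -f /tmp/test-template.xml`, `nifi pg-list` and `nifi status` to `bin/nifi.sh`, which reads like NiFi Toolkit CLI syntax rather than arguments for the service control script, and the k8s script in this same commit calls `nifi.sh list-processors` without the `nifi` prefix. With `set -e` active, the first call that exits non-zero ends the coverage run before the flow is exercised, so confirm which binary and subcommands are intended. The fixed `sleep 10` and `sleep 60` should be replaced by a poll on readiness so the run neither races startup nor waits longer than needed.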
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
version: '2' | ||
|
||
services: | ||
nifi: | ||
image: ${NIFI_IMAGE_REPOSITORY}:${NIFI_IMAGE_TAG} | ||
cap_add: | ||
- SYS_PTRACE | ||
ports: | ||
- "0.0.0.0::8080" | ||
volumes: | ||
- ./test-template.xml:/tmp/test-template.xml |
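Review bot: `"0.0.0.0::8080"` under `ports:` publishes the NiFi port on every host interface with an ephemeral host port, yet the coverage script only talks to the container through `docker exec`. Bind it to loopback (`"127.0.0.1::8080"`) or drop the mapping. `cap_add: SYS_PTRACE` deserves a one-line comment saying why the test run needs it, so the setting is not copied into a deployment compose file as if it were a NiFi requirement.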
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
name: nifi-ib | ||
official_name: Apache Nifi IronBank | ||
official_website: https://nifi.apache.org | ||
source_image_provider: Platform One | ||
source_image_repo: registry1.dso.mil/ironbank/opensource/apache/nifi | ||
source_image_repo_link: https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fapache%2Fnifi | ||
source_image_readme: https://repo1.dso.mil/dsop/opensource/apache/nifi/-/blob/development/README.md | ||
rf_docker_link: rapidfort/nifi-ib | ||
image_workflow_name: nifi_ironbank | ||
github_location: nif/ironbank | ||
report_url: https://us01.rapidfort.com/app/community/imageinfo/registry1.dso.mil%2Fironbank%2Fopensource%2Fapache%2Fnifi | ||
usage_instructions: | | ||
# Using docker run: | ||
$ docker run -it --name my-nifi -p 8080:80 rapidfort/nifi-ib | ||
# PWD can be replaced with the directory containing all your HTML. | ||
what_is_text: | | ||
NiFi is an easy to use, powerful, and reliable system to process and distribute data. | ||
disclaimer: | | ||
Trademarks: This software listing is packaged by RapidFort. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. | ||
input_registry: | ||
registry: registry1.dso.mil | ||
account: ironbank | ||
repo_sets: | ||
- opensource/apache/nifi: | ||
input_base_tag: "1.24." | ||
output_repo: nifi-ib | ||
runtimes: | ||
- type: docker_compose | ||
script: dc_coverage.sh | ||
compose_file: docker-compose.yml | ||
image_keys: | ||
nifi-ib: | ||
repository: "NIFI_IMAGE_REPOSITORY" | ||
tag: "NIFI_IMAGE_TAG" | ||
- type: k8s | ||
script: k8s_coverage.sh | ||
use_helm: False | ||
image_keys: | ||
nifi-ib: | ||
repository: "image.repository" | ||
tag: "image.tag" | ||
override_file: "overrides.yml" | ||
readiness_wait_pod_name_suffix: | ||
- "" |
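Review bot: `usage_instructions` maps `-p 8080:80` and carries the comment `# PWD can be replaced with the directory containing all your HTML.`, both of which read as leftovers from a web-server image template: the compose file in this commit publishes container port 8080, and the command has no volume mount that PWD could refer to. This text is what appears in the README usage block, so correct it here. Also confirm that `github_location: nif/ironbank` is the intended directory name rather than a typo for `nifi`, and that `override_file: "overrides.yml"` is still applied when `use_helm: False`.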
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/bin/bash | ||
|
||
set -x | ||
set -e | ||
|
||
# shellcheck disable=SC1091 | ||
SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" | ||
|
||
# shellcheck disable=SC1091 | ||
. "${SCRIPTPATH}"/../../common/scripts/bash_helper.sh | ||
|
||
JSON_PARAMS="$1" | ||
|
||
JSON=$(cat "$JSON_PARAMS") | ||
|
||
echo "Json params for k8s coverage = $JSON" | ||
|
||
NAMESPACE=$(jq -r '.namespace_name' < "$JSON_PARAMS") | ||
RELEASE_NAME=$(jq -r '.release_name' < "$JSON_PARAMS") | ||
CONTAINER_NAME="${RELEASE_NAME}" | ||
|
||
kubectl exec -i "${CONTAINER_NAME}" -n "${NAMESPACE}" -- /opt/nifi/nifi-current/bin/nifi.sh | ||
sleep 60 | ||
kubectl logs -n "${NAMESPACE}" "${CONTAINER_NAME}" | ||
kubectl exec -i "${CONTAINER_NAME}" -n "${NAMESPACE}" -- tail -n 100 /opt/nifi/nifi-current/logs/nifi-app.log | ||
|
||
kubectl exec -i "${CONTAINER_NAME}" -n "${NAMESPACE}" -- ls -l /opt/nifi/nifi-current/bin | ||
kubectl exec -i "${CONTAINER_NAME}" -n "${NAMESPACE}" -- ps aux | grep nifi | ||
|
||
kubectl exec -i "${CONTAINER_NAME}" -n "${NAMESPACE}" -- /opt/nifi/nifi-current/bin/nifi.sh list-processors |
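Review bot: The first `kubectl exec` runs `/opt/nifi/nifi-current/bin/nifi.sh` with no subcommand and the last one passes `list-processors`, while the compose script uses the form `nifi.sh nifi ...`; under `set -e` a usage error from either call aborts the run, so settle on one documented invocation for both scripts. `ps aux | grep nifi` pipes into a local `grep` whose exit status fails the script when nothing matches; if that is meant as an assertion, say so in a comment, otherwise append `|| true`. The `# shellcheck disable=SC1091` above the `SCRIPTPATH=` assignment is redundant, since that line sources nothing.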
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
image: | ||
pullSecrets: ["rf-regcred"] | ||
pullPolicy: Always | ||
containerSecurityContext: | ||
enabled: true | ||
runAsUser: 1001 | ||
allowPrivilegeEscalation: true | ||
capabilities: | ||
add: ["SYS_PTRACE"] | ||
extraEnvVars: | ||
- name: "RF_VERBOSE" | ||
value: "0" | ||
livenessProbe: | ||
initialDelaySeconds: 30 | ||
timeoutSeconds: 30 | ||
readinessProbe: | ||
initialDelaySeconds: 30 | ||
timeoutSeconds: 30 |
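Review bot: `allowPrivilegeEscalation: true` together with `capabilities.add: ["SYS_PTRACE"]` under `containerSecurityContext` loosens the pod beyond what a reader would expect for a hardened image, and the file gives no reason for either setting. Add a comment marking both as test-only settings for the coverage run, check whether the tracer still works with `allowPrivilegeEscalation: false`, and consider an explicit `capabilities.drop: ["ALL"]` before the add so that SYS_PTRACE is the only capability granted.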