Skip to content

1.0.53 Add kics dockerfile scan action #31

1.0.53 Add kics dockerfile scan action

1.0.53 Add kics dockerfile scan action #31

# Define the name of your workflow.
name: build-scan-push-to-dockerhub
# Specify when this workflow should run (on a push event to the 'main' branch).
on:
push:
branches:
- 'main'
# Define environment variables for better organization.
env:
DATABASE_CONTAINER_NAME: "database"
DATABASE_ADMIN_CONTAINER_NAME: "database_admin"
LDAP_CONTAINER_NAME: "ldap"
LDAP_ADMIN_CONTAINER_NAME: "ldap_admin"
WEB_CONTAINER_NAME: "www"
jobs:
docker:
runs-on: ubuntu-latest
steps:
# Step 1: Prepare the runner and check out the codebase.
- name: Check out the codebase
uses: actions/checkout@v4
# Step 2: Get the version from a file and set it as an environment variable.
- name: Get version from version file
run: |
VERSION=$(cat version)
echo "VERSION=$VERSION" >> $GITHUB_ENV
# Step 3: Set up QEMU on the runner.
- name: Set up QEMU on the runner
uses: docker/setup-qemu-action@v3
# Step 4: Set up Docker Buildx on the runner.
- name: Set up Docker Buildx on the runner
uses: docker/setup-buildx-action@v3
# Step 5: Login to Docker Hub using secrets for authentication.
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# ----------------------------------------------------------------------------
# Database Container
# ----------------------------------------------------------------------------
-
name: Build and Export Database Container to Docker
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.DATABASE_CONTAINER_NAME }}/Dockerfile
load: true
tags: webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }}
-
name: Run Trivy vulnerability scanner on Database Container
uses: aquasecurity/trivy-action@master
with:
image-ref: 'webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }}'
format: 'sarif'
output: '${{ env.DATABASE_CONTAINER_NAME }}-trivy-scan-results.sarif'
-
name: Upload Database Container Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: '${{ env.DATABASE_CONTAINER_NAME }}-trivy-scan-results.sarif'
category: ${{ env.DATABASE_CONTAINER_NAME }}
-
name: Build and push Database container
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.DATABASE_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }}
-
name: Build and push Database container with version number
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.DATABASE_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }}-${{ env.VERSION }}
# ----------------------------------------------------------------------------
# Database Admin Container
# ----------------------------------------------------------------------------
-
name: Build and Export Database Admin Container to Docker
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.DATABASE_ADMIN_CONTAINER_NAME }}/Dockerfile
load: true
tags: webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }}
-
name: Run Trivy vulnerability scanner on Database Admin Container
uses: aquasecurity/trivy-action@master
with:
image-ref: 'webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }}'
format: 'sarif'
output: '${{ env.DATABASE_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif'
-
name: Upload Database Admin Container Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: '${{ env.DATABASE_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif'
category: ${{ env.DATABASE_ADMIN_CONTAINER_NAME }}
-
name: Build and push Database Admin Container
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.DATABASE_ADMIN_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }}
-
name: Build and push Database Admin Container with version number
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.DATABASE_ADMIN_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }}-${{ env.VERSION }}
# ----------------------------------------------------------------------------
# LDAP Container
# ----------------------------------------------------------------------------
-
name: Build and Export LDAP Container to Docker
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.LDAP_CONTAINER_NAME }}/Dockerfile
load: true
tags: webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }}
-
name: Run Trivy vulnerability scanner on LDAP Container
uses: aquasecurity/trivy-action@master
with:
image-ref: 'webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }}'
format: 'sarif'
output: '${{ env.LDAP_CONTAINER_NAME }}-trivy-scan-results.sarif'
-
name: Upload LDAP Container Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: '${{ env.LDAP_CONTAINER_NAME }}-trivy-scan-results.sarif'
category: ${{ env.LDAP_CONTAINER_NAME }}
-
name: Build and push LDAP Container
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.LDAP_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }}
-
name: Build and push LDAP Container with version number
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.LDAP_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }}-${{ env.VERSION }}
# ----------------------------------------------------------------------------
# LDAP Admin Container
# ----------------------------------------------------------------------------
-
name: Build and Export LDAP Admin Container to Docker
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.LDAP_ADMIN_CONTAINER_NAME }}/Dockerfile
load: true
tags: webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }}
-
name: Run Trivy vulnerability scanner on LDAP Admin Container
uses: aquasecurity/trivy-action@master
with:
image-ref: 'webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }}'
format: 'sarif'
output: '${{ env.LDAP_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif'
-
name: Upload LDAP Admin Container Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: '${{ env.LDAP_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif'
category: ${{ env.LDAP_ADMIN_CONTAINER_NAME }}
-
name: Build and push LDAP Admin Container
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.LDAP_ADMIN_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }}
-
name: Build and push LDAP Admin Container with version number
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.LDAP_ADMIN_CONTAINER_NAME }}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }}-${{ env.VERSION }}
# ----------------------------------------------------------------------------
# Web Container
# ----------------------------------------------------------------------------
-
name: Build and Export Web Container to Docker
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.WEB_CONTAINER_NAME}}/Dockerfile
load: true
tags: webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}}
-
name: Run Trivy vulnerability scanner on Web Container
uses: aquasecurity/trivy-action@master
with:
image-ref: 'webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}}'
format: 'sarif'
output: '${{ env.WEB_CONTAINER_NAME}}-trivy-scan-results.sarif'
-
name: Upload Web Container Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: '${{ env.WEB_CONTAINER_NAME}}-trivy-scan-results.sarif'
category: ${{ env.WEB_CONTAINER_NAME }}
-
name: Build and push Web Container
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.WEB_CONTAINER_NAME}}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}}
-
name: Build and push Web Container with version number
uses: docker/build-push-action@v5
with:
context: .
file: ./${{ env.WEB_CONTAINER_NAME}}/Dockerfile
push: true
tags: webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}}-${{ env.VERSION }}