Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update tests #334

Merged
merged 4 commits into from May 7, 2024
Merged

update tests #334

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
90f38eb
update tests
nikpivkin Apr 12, 2024
f097aa6
rename trivy images
nikpivkin May 2, 2024
770328d
Merge branch 'master' into tests-upd
nikpivkin May 2, 2024
a57f6c3
rename workflow steps
nikpivkin May 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
28 changes: 0 additions & 28 deletions .github/workflows/build.yaml
View file
Open in desktop

This file was deleted.

24 changes: 24 additions & 0 deletions .github/workflows/sync-trivy-checks.yaml
View file
Open in desktop
@@ -0,0 +1,24 @@
name: Sync Trivy Checks

on:
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository_owner }}/trivy-checks-act
REGISTRY: ghcr.io

jobs:
sync-trivy-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Login to GitHub Packages Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Copy Trivy Checks
run: |
oras cp ghcr.io/aquasecurity/trivy-checks:0 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
24 changes: 24 additions & 0 deletions .github/workflows/sync-trivy-db.yaml
View file
Open in desktop
@@ -0,0 +1,24 @@
name: Sync Trivy DB

on:
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository_owner }}/trivy-db-act
REGISTRY: ghcr.io

jobs:
sync-trivy-db:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Login to GitHub Packages Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Copy Trivy Checks
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Copy Trivy Checks
- name: Copy Trivy DB

run: |
oras cp ghcr.io/aquasecurity/trivy-db:2 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
24 changes: 24 additions & 0 deletions .github/workflows/sync-trivy-java-db.yaml
View file
Open in desktop
@@ -0,0 +1,24 @@
name: Sync Trivy Java DB

on:
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository_owner }}/trivy-java-db-act
REGISTRY: ghcr.io

jobs:
sync-trivy-db:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Login to GitHub Packages Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Copy Trivy Checks
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Copy Trivy Checks
- name: Copy Trivy Java DB

run: |
oras cp ghcr.io/aquasecurity/trivy-java-db:1 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
29 changes: 29 additions & 0 deletions .github/workflows/test.yaml
View file
Open in desktop
@@ -0,0 +1,29 @@
name: Test

on:
push:
pull_request:
workflow_dispatch:

env:
TRIVY_VERSION: 0.50.2
BATS_LIB_PATH: '/usr/lib/'

jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Setup Bats and bats libs
uses: bats-core/bats-action@2.0.0

- name: Install Trivy
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ env.TRIVY_VERSION }}
trivy --version
- name: Test
run: |
chmod +x entrypoint.sh
bats -r -T .
0 test/data/main.tf → test/data/config-sarif-report/main.tf
View file
Open in desktop
File renamed without changes.
512 changes: 512 additions & 0 deletions test/data/config-sarif-report/report.sarif
View file
Open in desktop

Large diffs are not rendered by default.

620 changes: 0 additions & 620 deletions test/data/config-sarif.test
View file
Open in desktop

This file was deleted.

18 changes: 18 additions & 0 deletions test/data/config-scan/main.tf
View file
Open in desktop
@@ -0,0 +1,18 @@
# test data for trivy config with terraform variables

variable "bucket_versioning_enabled" {
type = string
default = "Disabled"
}

resource "aws_s3_bucket" "bucket" {
bucket = "trivy-action-bucket"
}

resource "aws_s3_bucket_versioning" "bucket_versioning" {
bucket = aws_s3_bucket.bucket.id

versioning_configuration {
status = var.bucket_versioning_enabled
}
}
76 changes: 6 additions & 70 deletions test/data/config.test → test/data/config-scan/report.json
View file
Open in desktop
@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"CreatedAt": "2024-01-02T23:40:12.036390742Z",
"ArtifactName": ".",
"CreatedAt": "2024-04-12T16:53:35.5567541+03:00",
"ArtifactName": "test/data/config-scan",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
Expand All @@ -17,71 +17,7 @@
},
"Results": [
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 2,
"Exceptions": 0
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS002",
"AVDID": "AVD-DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds002"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
},
{
"Type": "Dockerfile Security Check",
"ID": "DS026",
"AVDID": "AVD-DS-0026",
"Title": "No HEALTHCHECK defined",
"Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
"Message": "Add HEALTHCHECK instruction in your Dockerfile",
"Namespace": "builtin.dockerfile.DS026",
"Query": "data.builtin.dockerfile.DS026.deny",
"Resolution": "Add HEALTHCHECK instruction in Dockerfile",
"Severity": "LOW",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds026",
"References": [
"https://blog.aquasec.com/docker-security-best-practices",
"https://avd.aquasec.com/misconfig/ds026"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
},
{
"Target": "test/data",
"Target": ".",
"Class": "config",
"Type": "terraform",
"MisconfSummary": {
Expand All @@ -91,7 +27,7 @@
}
},
{
"Target": "test/data/main.tf",
"Target": "main.tf",
"Class": "config",
"Type": "terraform",
"MisconfSummary": {
Expand Down Expand Up @@ -436,15 +372,15 @@
"Occurrences": [
{
"Resource": "versioning_configuration",
"Filename": "test/data/main.tf",
"Filename": "main.tf",
"Location": {
"StartLine": 15,
"EndLine": 17
}
},
{
"Resource": "aws_s3_bucket_versioning.bucket_versioning",
"Filename": "test/data/main.tf",
"Filename": "main.tf",
"Location": {
"StartLine": 12,
"EndLine": 18
Expand Down
0 test/data/fs.test → test/data/fs-scan/report
View file
Open in desktop
File renamed without changes.