Adding Docker Scout Security Action #56

Merged: 43 commits, Oct 21, 2024
tefirman (Member) commented Oct 18, 2024

Description

  • Testing out the addition of a security-related GitHub Action.
  • Every month, this action will run Docker Scout on the "latest" version of each Docker image.
  • If fixable vulnerabilities are detected, it will post an issue to the repo describing the vulnerability.
  • If there's already an existing vulnerability issue from last month, it will skip it (don't want infinite issues).
  • Can also be triggered manually if needed.
  • Currently running hourly for testing purposes.
  • Eventually want to create a similar GitHub Action for PRs into main as a required check.
    • See bot comments on this PR below for an example output.
  • Also fixing a security vulnerability in bwa while I'm at it.

Related Issue

Testing

  • See the massive amounts of security-action GitHub Actions in the past few days.
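
The skip-if-already-reported behaviour from the description above, as an added example that is not part of this PR or the repository's workflow. It assumes the scan result is available as a SARIF 2.1.0 report limited to fixable findings; the issue-title convention, function names and sample report are constructed for illustration.

```python
import json

# Constructed SARIF 2.1.0 report (placeholder CVE ids), shaped like a scan
# that was restricted to vulnerabilities with a fix available.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "CVE-0000-0001", "level": "warning"},
            {"ruleId": "CVE-0000-0002", "level": "note"},
            # Same CVE reported for a second package: must not be listed twice.
            {"ruleId": "CVE-0000-0001", "level": "warning"},
        ],
    }],
})

TITLE_PREFIX = "Fixable vulnerabilities in "  # hypothetical title convention


def fixable_ids(sarif_text):
    """Return the sorted, de-duplicated rule ids across all runs of a report."""
    report = json.loads(sarif_text)
    ids = set()
    for run in report.get("runs", []):
        for result in run.get("results", []):
            if result.get("ruleId"):
                ids.add(result["ruleId"])
    return sorted(ids)


def plan_issue(image, sarif_text, open_issue_titles):
    """Decide what the scheduled job should do for one image.

    Returns None when nothing is fixable or when an open issue for the image
    already exists (no duplicate issues); otherwise returns (title, body).
    """
    ids = fixable_ids(sarif_text)
    title = TITLE_PREFIX + image
    if not ids or title in set(open_issue_titles):
        return None
    lines = ["Fixable vulnerabilities reported for `%s`:" % image, ""]
    lines += ["- " + cve for cve in ids]
    return title, "\n".join(lines)
```

Keying the duplicate check on the image name rather than on the CVE list keeps one open issue per image, so a new fixable CVE appearing while an issue is still open is not reported separately.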


github-actions bot commented Oct 18, 2024

🔍 Vulnerabilities of bwa-scout:latest

📦 Image Reference: bwa-scout:latest
digest: sha256:b1beec5352f4f62ba1fdc33de2efc6b3dac879d2d6ee1807ae0fb0c8040edf5b
vulnerabilities: critical: 0 high: 0 medium: 0 low: 0
size: 206 MB
packages: 227

📦 Base Image: ubuntu:24.04
also known as:
  • latest
  • noble
  • noble-20241011
digest: sha256:5d070ad5f7fe63623cbb99b4fc0fd997f5591303d4b03ccce50f403957d0ddc4
vulnerabilities: critical: 0 high: 0 medium: 1 low: 4


github-actions bot commented Oct 18, 2024

Recommended fixes for image bwa-scout:latest

Base image is ubuntu:24.04

Name: 24.04
Digest: sha256:5d070ad5f7fe63623cbb99b4fc0fd997f5591303d4b03ccce50f403957d0ddc4
Vulnerabilities: critical: 0 high: 0 medium: 1 low: 4
Pushed: 1 week ago
Size: 30 MB
Packages: 130
OS: 24.04
The base image is also available under the supported tag(s): latest, noble, noble-20241011

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag | Details | Pushed | Vulnerabilities

Tag: 24.10
Details: Minor OS version update
Also known as:
  • rolling
  • oracular
  • oracular-20241009
Benefits:
  • Minor OS version update
  • Image has similar size
  • Image introduces no new vulnerability but removes 5
  • Image contains similar number of packages
Image details:
  • Size: 31 MB
  • OS: 24.10
Pushed: 1 week ago



tefirman marked this pull request as ready for review October 21, 2024 17:13

tefirman (Member, Author) commented

GitHub Action isolated to this repo, also heavily tested on my end. Merging without approval.

tefirman merged commit 4f02f8d into main Oct 21, 2024
2 checks passed