Building and publishing packages/container image via Jenkins #4

Merged
wpetit merged 1 commits from jenkins-release into develop 2023-12-06 14:47:28 +01:00
Owner
No description provided.
wpetit added 1 commit 2023-12-06 14:45:31 +01:00
Cadoles/hydra-werther/pipeline/head This commit looks good Details
Cadoles/hydra-werther/pipeline/pr-develop This commit looks good Details
b3a3e1987d
feat: release docker and packages from jenkins
Owner

Test report for b3a3e19

docker build \
	-t "reg.cadoles.com/cadoles/hydra-werther:latest" \
	.	
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 32B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/library/golang:1.21-alpine
#3 DONE 0.4s

#4 [build 1/9] FROM docker.io/library/golang:1.21-alpine@sha256:5c1cabd9a3c6851a3e18735a2c133fbd8f67fe37eb3203318b7af2ffd2547095
#4 DONE 0.0s

#5 [internal] load build context
#5 transferring context: 4.79kB done
#5 DONE 0.0s

#6 [build 9/9] RUN env CGO_ENABLED=0 go install -ldflags="-w -s -X main.version=${VERSION}" ./...
#6 CACHED

#7 [build 7/9] COPY cmd cmd
#7 CACHED

#8 [final 1/3] COPY --from=build /etc/passwd /etc/passwd
#8 CACHED

#9 [build 3/9] RUN adduser -D -g '' appuser
#9 CACHED

#10 [final 2/3] COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
#10 CACHED

#11 [build 6/9] COPY go.sum .
#11 CACHED

#12 [build 8/9] COPY internal internal
#12 CACHED

#13 [build 2/9] WORKDIR /opt/build
#13 CACHED

#14 [build 5/9] COPY go.mod .
#14 CACHED

#15 [build 4/9] RUN apk --update add ca-certificates
#15 CACHED

#16 [final 3/3] COPY --from=build /go/bin/werther /werther
#16 CACHED

#17 exporting to image
#17 exporting layers done
#17 writing image sha256:54b069ca29676360034c6e1cf2eedeecbb841adde5cf60fd83835b53f1672dce done
#17 naming to reg.cadoles.com/cadoles/hydra-werther:latest done
#17 DONE 0.0s
mkdir -p tools/trivy/bin
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0
aquasecurity/trivy info checking GitHub for tag 'v0.47.0'
aquasecurity/trivy info found version: 0.47.0 for v0.47.0/Linux/64bit
aquasecurity/trivy info installed ./tools/trivy/bin/trivy
mkdir -p .trivy
tools/trivy/bin/trivy --cache-dir .trivy/.cache image --ignorefile .trivyignore.yaml  reg.cadoles.com/cadoles/hydra-werther:latest
2023-12-06T13:46:51.772Z	INFO	Need to update DB
2023-12-06T13:46:51.772Z	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2023-12-06T13:46:51.772Z	INFO	Downloading DB...
41.16 MiB / 41.16 MiB [-------------------------------------------------] 100.00% 22.81 MiB p/s 2.0s
2023-12-06T13:46:54.491Z	INFO	Vulnerability scanning is enabled
2023-12-06T13:46:54.491Z	INFO	Secret scanning is enabled
2023-12-06T13:46:54.491Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-06T13:46:54.491Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.47/docs/scanner/secret/#recommendation for faster secret detection
2023-12-06T13:46:54.997Z	INFO	Number of language-specific files: 1
2023-12-06T13:46:54.997Z	INFO	Detecting gobinary vulnerabilities...

werther (gobinary)
==================
Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 6, CRITICAL: 0)

┌────────────────────────────┬────────────────┬──────────┬────────┬────────────────────────────────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────┐
│          Library           │ Vulnerability  │ Severity │ Status │         Installed Version          │           Fixed Version           │                           Title                            │
├────────────────────────────┼────────────────┼──────────┼────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ github.com/justinas/nosurf │ CVE-2020-36564 │ HIGH     │ fixed  │ v0.0.0-20171023064657-7182011986c4 │ 1.1.1                             │ nosurf vulnerable to improper input validation             │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2020-36564                 │
├────────────────────────────┼────────────────┤          │        ├────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto        │ CVE-2020-29652 │          │        │ v0.0.0-20200604202706-70a84ac30bf9 │ 0.0.0-20201216223049-8b5274cf687f │ crafted authentication request can lead to nil pointer     │
│                            │                │          │        │                                    │                                   │ dereference                                                │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2020-29652                 │
│                            ├────────────────┤          │        │                                    ├───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│                            │ CVE-2021-43565 │          │        │                                    │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic                        │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-43565                 │
│                            ├────────────────┤          │        │                                    ├───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│                            │ CVE-2022-27191 │          │        │                                    │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server                  │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-27191                 │
├────────────────────────────┼────────────────┤          │        ├────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/text          │ CVE-2021-38561 │          │        │ v0.3.2                             │ 0.3.7                             │ golang: out-of-bounds read in golang.org/x/text/language   │
│                            │                │          │        │                                    │                                   │ leads to DoS                                               │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-38561                 │
│                            ├────────────────┤          │        │                                    ├───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│                            │ CVE-2022-32149 │          │        │                                    │ 0.3.8                             │ golang: golang.org/x/text/language: ParseAcceptLanguage    │
│                            │                │          │        │                                    │                                   │ takes a long time to parse complex tags                    │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-32149                 │
│                            ├────────────────┼──────────┤        │                                    ├───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│                            │ CVE-2020-14040 │ MEDIUM   │        │                                    │ 0.3.3                             │ golang.org/x/text: possibility to trigger an infinite loop │
│                            │                │          │        │                                    │                                   │ in encoding/unicode could lead to...                       │
│                            │                │          │        │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2020-14040                 │
└────────────────────────────┴────────────────┴──────────┴────────┴────────────────────────────────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────┘

wpetit merged commit 7edc889271 into develop 2023-12-06 14:47:28 +01:00
wpetit deleted branch jenkins-release 2023-12-06 14:47:30 +01:00
Reference: Cadoles/hydra-werther#4