Skip to content

Docker Install

Docker Install #20

Workflow file for this run

name: CI Stage
on: [push]
jobs:
sast_scan_bandit:
name: Run Bandit
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Install Bandit
run: pip install bandit
- name: Run Bandit
run: bandit -ll -iii -r . -o bandit_scan_report.json -f json
- name: Upload Build Artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: bandit report
path: bandit_scan_report.json
sast_scan_sonar:
name: Run SonarQube
runs-on: ubuntu-latest
steps:
- name: SonarCloud
uses: actions/checkout@v3
- name: SonarScan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.self_token }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.sonar_token }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=owasp_test
-Dsonar.organization=owasptest
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
Docker_Setup_Scan:
name: Install Docker
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Docker Prerequisite
run: apt-get update && apt-get install --no-install-recommends -y dnsutils=1:9.11.5.P4+dfsg-5.1+deb10u7 libpq-dev=11.16-0+deb10u1 python3-dev=3.7.3-1 && apt-get clean && rm -rf /var/lib/apt/lists/*
- name: Setup Docker
uses: crazy-max/ghaction-setup-docker@v3
#with:
#docker_version: 20.10.7
- name: Docker Build
run: docker build -f Dockerfile -t owasp_app:latest .
- name: Docker Scout Scan
run: |
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
echo ${{ secrets.DOCKER_TOKEN }} | docker login --username ${{ secrets.DOCKER_USERNAME }} --password-stdin
docker scout quickview
docker scout cves