This will allow this CVEs to be ignored in any image, format is: CVE:Package name
generalwhitelist:
CVE-2016-9843: zlib
CVE-2017-1000158: python
renatomefi
/ Article-dockerfile-security-scan-clair-whitelist.md
Created
September 17, 2018 18:27
renatomefi
/ Dockerfile
Created
September 20, 2018 10:54
A mongo Dockerfile with SSL support out of the box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM mongo:4.0 | |
| # Works with Mongo 3.2 till 4.0 | |
| WORKDIR /etc/ssl | |
| # If you want to validate the certifacate you should have it somewhere else an copy here, otherwise you won't be able to | |
| RUN set -xe \ | |
| && openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=Me/OU=Somewhere/CN=mongo" \ | |
| && cat mongodb-cert.key mongodb-cert.crt > mongodb.pem | |
| ENTRYPOINT ["mongod", "--sslMode", "requireSSL", "--sslPEMKeyFile", "/etc/ssl/mongodb.pem"] |
renatomefi
/ Article-dockerfile-unit-testing-Dockerfile-alpine38.md
Last active
February 27, 2019 20:26
./Dockerfile
FROM alpine:3.8
RUN addgroup -g 1000 app \
&& adduser -u 1000 -D -G app app
renatomefi
/ Article-dockerfile-unit-testing-cat-passwd.md
Last active
February 27, 2019 20:08
$ docker build -t alpine-app -f - . <<Dockerfile
FROM alpine:3.8
RUN addgroup -g 1000 app \
&& adduser -u 1000 -D -G app app
Dockerfile
Sending build context to Docker daemon 69.68kB
Step 1/2 : FROM alpine:3.8
---> 491e0ff7a8d5
Step 2/2 : RUN addgroup -g 1000 app && adduser -u 1000 -D -G app app
renatomefi
/ Article-dockerfile-unit-testing-pytest-user.md
Last active
March 4, 2019 10:47
./test/test_user.py
def test_user_is_present(host):
user_name = 'app'
group_name = 'app'
home_dir = '/home/app'
shell = '/sbin/halt'
renatomefi
/ Article-dockerfile-unit-testing-pytest-run.md
Last active
February 27, 2019 20:29
Let's first build and run our newly image with a sleep time, thus pytest will have time to execute the test in it, no worries, this won't be the final solution
$ docker build -t alpine-app .
$ docker run --rm -d alpine-app sleep 60
7ecbe3205a3e9e871d4bc73237ee374d75e1e8508b008d578f2538ce937b2aa5We want now to copy the running container ID, and let's put it in the Testinfra command so it knows what container we want to test
renatomefi
/ Article-dockerfile-unit-testing-alpine39-run.md
Created
February 27, 2019 20:38
Let's update from 3.8 to 3.9
FROM alpine:3.9
RUN addgroup -g 1000 app \
&& adduser -u 1000 -D -G app appBuild it again
renatomefi
/ Article-dockerfile-unit-testing-script.sh
Last active
March 13, 2019 08:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # A simple script to start a Docker container | |
| # and run Testinfra in it | |
| # Original script: https://gist.github.com/renatomefi/bbf44d4e8a2614b1390416c6189fbb8e | |
| # Author: @renatomefi https://twitter.com/renatomefi | |
| # | |
| set -eEuo pipefail |
renatomefi
/ Article-dockerfile-unit-testing-script-run.md
Last active
February 27, 2019 21:15
$ chmod +x ./test.sh
$ ./test.sh ./test.sh alpine-app
Starting a container for 'alpine-app'
=============== test session starts =======================================================
platform linux2 -- Python 2.7.15, pytest-4.3.0, py-1.8.0, pluggy-0.9.0 -- /usr/bin/python2
rootdir: /tests, inifile:
plugins: testinfra-1.19.0
collected 1 item OlderNewer