Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update tests #334

Merged
merged 4 commits into from
May 7, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 0 additions & 28 deletions .github/workflows/build.yaml

This file was deleted.

24 changes: 24 additions & 0 deletions .github/workflows/sync-trivy-checks.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Sync Trivy Checks

on:
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository_owner }}/trivy-checks-act
REGISTRY: ghcr.io

jobs:
sync-trivy-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Login to GitHub Packages Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Copy Trivy Checks
run: |
oras cp ghcr.io/aquasecurity/trivy-checks:0 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
24 changes: 24 additions & 0 deletions .github/workflows/sync-trivy-db.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Sync Trivy DB

on:
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository_owner }}/trivy-db-act
REGISTRY: ghcr.io

jobs:
sync-trivy-db:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Login to GitHub Packages Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Copy Trivy DB
run: |
oras cp ghcr.io/aquasecurity/trivy-db:2 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
24 changes: 24 additions & 0 deletions .github/workflows/sync-trivy-java-db.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Sync Trivy Java DB

on:
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository_owner }}/trivy-java-db-act
REGISTRY: ghcr.io

jobs:
sync-trivy-db:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Login to GitHub Packages Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Copy Trivy Java DB
run: |
oras cp ghcr.io/aquasecurity/trivy-java-db:1 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
29 changes: 29 additions & 0 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: Test

on:
push:
pull_request:
workflow_dispatch:

env:
TRIVY_VERSION: 0.50.2
BATS_LIB_PATH: '/usr/lib/'

jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Setup Bats and bats libs
uses: bats-core/bats-action@2.0.0

- name: Install Trivy
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ env.TRIVY_VERSION }}
trivy --version

- name: Test
run: |
chmod +x entrypoint.sh
bats -r -T .
File renamed without changes.
512 changes: 512 additions & 0 deletions test/data/config-sarif-report/report.sarif

Large diffs are not rendered by default.

620 changes: 0 additions & 620 deletions test/data/config-sarif.test

This file was deleted.

18 changes: 18 additions & 0 deletions test/data/config-scan/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# test data for trivy config with terraform variables

variable "bucket_versioning_enabled" {
type = string
default = "Disabled"
}

resource "aws_s3_bucket" "bucket" {
bucket = "trivy-action-bucket"
}

resource "aws_s3_bucket_versioning" "bucket_versioning" {
bucket = aws_s3_bucket.bucket.id

versioning_configuration {
status = var.bucket_versioning_enabled
}
}
76 changes: 6 additions & 70 deletions test/data/config.test → test/data/config-scan/report.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"CreatedAt": "2024-01-02T23:40:12.036390742Z",
"ArtifactName": ".",
"CreatedAt": "2024-04-12T16:53:35.5567541+03:00",
"ArtifactName": "test/data/config-scan",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
Expand All @@ -17,71 +17,7 @@
},
"Results": [
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 2,
"Exceptions": 0
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS002",
"AVDID": "AVD-DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds002"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
},
{
"Type": "Dockerfile Security Check",
"ID": "DS026",
"AVDID": "AVD-DS-0026",
"Title": "No HEALTHCHECK defined",
"Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
"Message": "Add HEALTHCHECK instruction in your Dockerfile",
"Namespace": "builtin.dockerfile.DS026",
"Query": "data.builtin.dockerfile.DS026.deny",
"Resolution": "Add HEALTHCHECK instruction in Dockerfile",
"Severity": "LOW",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds026",
"References": [
"https://blog.aquasec.com/docker-security-best-practices",
"https://avd.aquasec.com/misconfig/ds026"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
},
{
"Target": "test/data",
"Target": ".",
"Class": "config",
"Type": "terraform",
"MisconfSummary": {
Expand All @@ -91,7 +27,7 @@
}
},
{
"Target": "test/data/main.tf",
"Target": "main.tf",
"Class": "config",
"Type": "terraform",
"MisconfSummary": {
Expand Down Expand Up @@ -436,15 +372,15 @@
"Occurrences": [
{
"Resource": "versioning_configuration",
"Filename": "test/data/main.tf",
"Filename": "main.tf",
"Location": {
"StartLine": 15,
"EndLine": 17
}
},
{
"Resource": "aws_s3_bucket_versioning.bucket_versioning",
"Filename": "test/data/main.tf",
"Filename": "main.tf",
"Location": {
"StartLine": 12,
"EndLine": 18
Expand Down
File renamed without changes.
Loading
Loading