try-panwiac · jluevan13 · Mar 15, 2023 · Apr 25, 2023 · May 31, 2024 · May 31, 2024
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -0,0 +1,76 @@
+name: Docker Image CI
+on:
+  pull_request:
+    types:
+      - closed
+# on:
+#   push:
+#     branches: [ "main" ]
+#   pull_request:
+#     branches: [ "main" ]
+
+jobs:
+
+  Build_Secure_Image:
+
+    runs-on: ubuntu-latest
+    strategy:
+                  matrix:
+                        python-version: [3.10]
+    # name: Set environmental variables for Prisma Cloud access
+    env: 
+      TL_USER: ${{ secrets.TL_USER }}
+      TL_PASS: ${{ secrets.TL_PASS }}
+      TL_CONSOLE: ${{ secrets.TL_CONSOLE }} 
+      BYPASS_REPOSCAN: 1
+      BYPASS_OSS_LICENSE: 1
+      BYPASS_IMAGESCAN: 0
+      BYPASS_WF: 1
+      BYPASS_SANDBOX: 1
+      PRISMA_API_URL: https://api0.prismacloud.io
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Login via Azure CLI
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Build image
+      uses: azure/docker-login@v1
+      with: 
+        login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+    - run: docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/vulnerable-test:${{ github.sha }} 
+
+    - name: Download twistcli
+      run: curl -s -k -u $TL_USER:$TL_PASS "https://$TL_CONSOLE/api/v1/util/twistcli" -v -o twistcli;chmod +x twistcli
+
+    - name: Scan image for vulns and compliance issues
+      run: ./twistcli images scan --u $TL_USER --p $TL_PASS --address https://$TL_CONSOLE --details ${{ secrets.REGISTRY_LOGIN_SERVER }}/vulnerable-test:${{ github.sha }} -o output.json
+
+    - name: Install checkov
+      run: pip3 install checkov
+
+    - name: Checkov image scan
+      id: checkov
+      # uses: bridgecrewio/checkov-action@master
+      # with:
+      #   quiet: true
+      #   framework: sca_package
+      #   api-key: ${{ secrets.BC_API_KEY }}
+      #   directory: .
+      #   docker_image: ${{ secrets.REGISTRY_LOGIN_SERVER }}/vulnerable-test:${{ github.sha }}
+      #   dockerfile_path: ./Dockerfile
+      #   use_enforcement_rules: true
+      run: checkov --bc-api-key ${{ secrets.BC_API_KEY }} --branch update-actions-workflow --repo-id jluevan13/vulnerable-front-end --docker-image ${{ secrets.REGISTRY_LOGIN_SERVER }}/vulnerable-test:${{ github.sha }} --dockerfile-path Dockerfile --use-enforcement-rules --framework sca_package  --output sarif 
+
+    - name: Push image
+      uses: azure/docker-login@v1
+      with: 
+        login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+    - run: docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/vulnerable-test:${{ github.sha }}
diff --git a/package.json b/package.json
@@ -21,22 +21,21 @@
     "async": "^1.5.2",
     "body-parser": "^1.15.1",
     "cookie-parser": "^1.4.3",
+    "epimetheus": "^1.0.46",
     "express": "^4.13.4",
     "express-session": "^1.13.0",
     "finalhandler": "^0.4.1",
-    "request": "^2.72.0",
-    "serve-static": "^1.10.2",
-    "epimetheus": "^1.0.46",
     "prom-client": "^6.1.0",
-    "morgan": "^1.7.0"
+    "request": "^2.72.0",
+    "serve-static": "^1.10.2"
   },
   "devDependencies": {
     "chai": "^3.5.0",
     "chai-http": "^3.0.0",
-    "sinon": "^1.17.5",
+    "istanbul": "^0.4.4",
     "mocha": "^3.0.0",
     "mocha-junit-reporter": "^1.12.1",
-    "istanbul": "^0.4.4",
-    "mongodb": "^2.2.5"
+    "mongodb": "^2.2.5",
+    "sinon": "^1.17.5"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -87,10 +87,6 @@ [email protected]:
   version "1.3.3"
   resolved "https://registry.yarnpkg.com/base64-url/-/base64-url-1.3.3.tgz#f8b6c537f09a4fc58c99cb86e0b0e9c61461a20f"
 
-basic-auth@~1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-1.0.4.tgz#030935b01de7c9b94a824b29f3fccb750d3a5290"
-
 bcrypt-pbkdf@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.0.tgz#3ca76b85241c7170bf7d9703e7b9aa74630040d4"
@@ -873,16 +869,6 @@ mongodb@^2.2.5:
     mongodb-core "2.1.2"
     readable-stream "2.1.5"
 
-morgan@^1.7.0:
-  version "1.7.0"
-  resolved "https://registry.yarnpkg.com/morgan/-/morgan-1.7.0.tgz#eb10ca8e50d1abe0f8d3dad5c0201d052d981c62"
-  dependencies:
-    basic-auth "~1.0.3"
-    debug "~2.2.0"
-    depd "~1.1.0"
-    on-finished "~2.3.0"
-    on-headers "~1.0.1"
-
 [email protected]:
   version "0.7.1"
   resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098"