Alpine Linux Container Scan with Trivy [2023-04-12]

Started by user letslearntogether.info
Obtained Jenkinsfile.trivy-alpine from git https://github.com/ffturan/practice.git/
Resume disabled by user, switching to high-performance, low-durability mode.
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/trivy-alpine
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
The recommended git tool is: NONE
using credential ed599e1d-a641-4f7d-a333-9308281bd4d8
 > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/trivy-alpine/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/ffturan/practice.git/ # timeout=10
Fetching upstream changes from https://github.com/ffturan/practice.git/
 > git --version # timeout=10
 > git --version # 'git version 2.39.2'
using GIT_ASKPASS to set credentials 
 > git fetch --tags --force --progress -- https://github.com/ffturan/practice.git/ +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision 38c15d28e725d72020632e8b0e800208b6a9d3aa (refs/remotes/origin/main)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 38c15d28e725d72020632e8b0e800208b6a9d3aa # timeout=10
Commit message: "Update"
 > git rev-list --no-walk a27e775456967a0f9c8428b7b25c3c8e6d447bdc # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build Container)
[Pipeline] echo
Building container !!
[Pipeline] sh
+ cat Dockerfile.alpine
FROM public.ecr.aws/docker/library/alpine:latest

RUN apk update && apk upgrade


[Pipeline] sh
+ docker build -t alpine:scan -f Dockerfile.alpine .
#1 [internal] load build definition from Dockerfile.alpine
#1 transferring dockerfile: 179B done
#1 DONE 0.2s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.3s

#3 [internal] load metadata for public.ecr.aws/docker/library/alpine:latest
#3 DONE 0.8s

#4 [1/2] FROM public.ecr.aws/docker/library/alpine:latest@sha256:124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126
#4 DONE 0.0s

#5 [2/2] RUN apk update && apk upgrade
#5 CACHED

#6 exporting to image
#6 exporting layers done
#6 writing image sha256:d855a85443fdb5f272c4bee693df26a15ffba647e571224210b61fae1016cdb2 done
#6 naming to docker.io/library/alpine:scan done
#6 DONE 0.0s
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Test Container with Trivy)
[Pipeline] sh
+ trivy image alpine:scan
2023-04-12T09:32:48.999-0400	INFO	Vulnerability scanning is enabled
2023-04-12T09:32:48.999-0400	INFO	Secret scanning is enabled
2023-04-12T09:32:48.999-0400	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-04-12T09:32:48.999-0400	INFO	Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2023-04-12T09:32:49.008-0400	INFO	Detected OS: alpine
2023-04-12T09:32:49.008-0400	INFO	This OS version is not on the EOL list: alpine 3.17
2023-04-12T09:32:49.008-0400	INFO	Detecting Alpine vulnerabilities...
2023-04-12T09:32:49.018-0400	INFO	Number of language-specific files: 0

alpine:scan (alpine 3.17.3)
===========================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (CleanUp)
[Pipeline] sh
++ docker ps --all
++ gawk '{print $1}'
++ grep -v CONTAINER
++ docker images --all
++ grep -v IMAGE
++ gawk '{print $3}'
+ for C in $(docker images --all | gawk {'print $3'} | grep -v IMAGE)
+ docker rmi -f d855a85443fd
Untagged: alpine:scan
Deleted: sha256:d855a85443fdb5f272c4bee693df26a15ffba647e571224210b61fae1016cdb2
+ docker ps --all
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
+ docker images --all
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS