| Repository | mlabouardy / pipeline-as-code-with-jenkins |
|---|---|
| Description | Pipeline as Code with Jenkins |
| Stars | 119 |
| Failed Checks | Security Scanning |
| Scan Date | 2023-10-30 17:57:40 |
Security Scanning
This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform security scanning tools (example checkov output found below)
- Implement one of the security scanning tools within the CICD framework used by the repository
Checkov Output
terraform scan results:
Passed checks: 463, Failed checks: 246, Skipped checks: 0
Check: CKV_AWS_288: "Ensure IAM policies does not allow data exfiltration"
FAILED for resource: aws_iam_role_policy.discovery_bucket_access_policy
File: /chapter10/swarm/terraform/iam.tf:27-45
27 | resource "aws_iam_role_policy" "discovery_bucket_access_policy" {
28 | name = "discovery-bucket-access-policy-${var.environment}"
29 | role = aws_iam_role.swarm_role.id
30 |
31 | policy = <
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter14/Dockerfile.
File: /chapter14/Dockerfile:1-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM jenkins/jenkins:lts
2 | MAINTAINER mlabouardy
3 |
4 | USER root
5 | RUN apt-get update && apt-get install -y apt-transport-https \
6 | ca-certificates curl gnupg2 \
7 | software-properties-common
8 | RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
9 | RUN apt-key fingerprint 0EBFCD88
10 | RUN add-apt-repository \
11 | "deb [arch=amd64] https://download.docker.com/linux/debian \
12 | $(lsb_release -cs) stable"
13 | RUN apt-get update && apt-get install -y docker-ce-cli
14 | USER jenkins
15 | RUN jenkins-plugin-cli --plugins blueocean:1.24.3 workflow-aggregator:2.6 github:1.33.1 docker-plugin:1.2.1
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-loader/Dockerfile.test.
File: /chapter7/microservices/movies-loader/Dockerfile.test:1-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM python:3.7.3
2 |
3 | WORKDIR /app
4 |
5 | RUN pip install unittest-xml-reporting
6 |
7 | COPY test_main.py .
8 | COPY movies.json .
9 |
10 | CMD python test_main.py
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-loader/Dockerfile.test.
File: /chapter7/microservices/movies-loader/Dockerfile.test:1-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM python:3.7.3
2 |
3 | WORKDIR /app
4 |
5 | RUN pip install unittest-xml-reporting
6 |
7 | COPY test_main.py .
8 | COPY movies.json .
9 |
10 | CMD python test_main.py
Check: CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
FAILED for resource: /chapter11/jx/movies-store/Dockerfile.FROM
File: /chapter11/jx/movies-store/Dockerfile:1-1
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag.html
1 | FROM alpine
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter11/jx/movies-store/Dockerfile.
File: /chapter11/jx/movies-store/Dockerfile:1-4
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM alpine
2 | EXPOSE 8080
3 | ENTRYPOINT ["/jx-movies-store"]
4 | COPY ./bin/ /
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter11/jx/movies-store/Dockerfile.
File: /chapter11/jx/movies-store/Dockerfile:1-4
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM alpine
2 | EXPOSE 8080
3 | ENTRYPOINT ["/jx-movies-store"]
4 | COPY ./bin/ /
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-store/Dockerfile.test.
File: /chapter7/microservices/movies-store/Dockerfile.test:1-9
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM node:14.17.0
2 |
3 | WORKDIR /app
4 |
5 | COPY package-lock.json package.json .
6 |
7 | RUN npm i
8 |
9 | COPY . .
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-store/Dockerfile.test.
File: /chapter7/microservices/movies-store/Dockerfile.test:1-9
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM node:14.17.0
2 |
3 | WORKDIR /app
4 |
5 | COPY package-lock.json package.json .
6 |
7 | RUN npm i
8 |
9 | COPY . .
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-parser/Dockerfile.test.
File: /chapter7/microservices/movies-parser/Dockerfile.test:1-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM golang:1.13.4
2 |
3 | ENV VERSION v1.0.22
4 | ENV GOCACHE /tmp
5 | WORKDIR /go/src/github/mlabouardy/movies-parser
6 |
7 | RUN wget https://github.com/sonatype-nexus-community/nancy/releases/download/$VERSION/nancy-linux.amd64-$VERSION -O nancy && \
8 | chmod +x nancy && mv nancy /usr/local/bin/nancy
9 | RUN go get -u golang.org/x/lint/golint
10 |
11 | COPY . .
12 |
13 | RUN go get -v
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-parser/Dockerfile.test.
File: /chapter7/microservices/movies-parser/Dockerfile.test:1-13
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM golang:1.13.4
2 |
3 | ENV VERSION v1.0.22
4 | ENV GOCACHE /tmp
5 | WORKDIR /go/src/github/mlabouardy/movies-parser
6 |
7 | RUN wget https://github.com/sonatype-nexus-community/nancy/releases/download/$VERSION/nancy-linux.amd64-$VERSION -O nancy && \
8 | chmod +x nancy && mv nancy /usr/local/bin/nancy
9 | RUN go get -u golang.org/x/lint/golint
10 |
11 | COPY . .
12 |
13 | RUN go get -v
Check: CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
FAILED for resource: /chapter9/pipelines/movies-parser/Dockerfile.FROM
File: /chapter9/pipelines/movies-parser/Dockerfile:7-7
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag.html
7 | FROM alpine:latest
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter9/pipelines/movies-parser/Dockerfile.
File: /chapter9/pipelines/movies-parser/Dockerfile:1-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM golang:1.16.5
2 | WORKDIR /go/src/github.com/mlabouardy/movies-parser
3 | COPY main.go go.mod .
4 | RUN go get -v
5 | RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app main.go
6 |
7 | FROM alpine:latest
8 | LABEL Maintainer mlabouardy
9 | RUN apk --no-cache add ca-certificates
10 | WORKDIR /root/
11 | COPY --from=0 /go/src/github.com/mlabouardy/movies-parser/app .
12 | CMD ["./app"]
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter9/pipelines/movies-parser/Dockerfile.
File: /chapter9/pipelines/movies-parser/Dockerfile:1-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM golang:1.16.5
2 | WORKDIR /go/src/github.com/mlabouardy/movies-parser
3 | COPY main.go go.mod .
4 | RUN go get -v
5 | RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app main.go
6 |
7 | FROM alpine:latest
8 | LABEL Maintainer mlabouardy
9 | RUN apk --no-cache add ca-certificates
10 | WORKDIR /root/
11 | COPY --from=0 /go/src/github.com/mlabouardy/movies-parser/app .
12 | CMD ["./app"]
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter12/functions/movies-marketplace/Dockerfile.
File: /chapter12/functions/movies-marketplace/Dockerfile:1-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM node:14.0.0 as builder
2 | ARG ENVIRONMENT
3 | ENV CHROME_BIN=chromium
4 | WORKDIR /app
5 | RUN apt-get update && apt-get install -y chromium
6 | COPY package-lock.json .
7 | COPY package.json .
8 | RUN npm i && npm i -g @angular/cli
9 | COPY . .
10 | RUN ng build -c $ENVIRONMENT
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter12/functions/movies-marketplace/Dockerfile.
File: /chapter12/functions/movies-marketplace/Dockerfile:1-10
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM node:14.0.0 as builder
2 | ARG ENVIRONMENT
3 | ENV CHROME_BIN=chromium
4 | WORKDIR /app
5 | RUN apt-get update && apt-get install -y chromium
6 | COPY package-lock.json .
7 | COPY package.json .
8 | RUN npm i && npm i -g @angular/cli
9 | COPY . .
10 | RUN ng build -c $ENVIRONMENT
Check: CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
FAILED for resource: /chapter7/microservices/movies-parser/Dockerfile.FROM
File: /chapter7/microservices/movies-parser/Dockerfile:7-7
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag.html
7 | FROM alpine:latest
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-parser/Dockerfile.
File: /chapter7/microservices/movies-parser/Dockerfile:1-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM golang:1.16.5
2 | WORKDIR /go/src/github.com/mlabouardy/movies-parser
3 | COPY main.go go.mod .
4 | RUN go get -v
5 | RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app main.go
6 |
7 | FROM alpine:latest
8 | LABEL Maintainer mlabouardy
9 | RUN apk --no-cache add ca-certificates
10 | WORKDIR /root/
11 | COPY --from=0 /go/src/github.com/mlabouardy/movies-parser/app .
12 | CMD ["./app"]
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-parser/Dockerfile.
File: /chapter7/microservices/movies-parser/Dockerfile:1-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM golang:1.16.5
2 | WORKDIR /go/src/github.com/mlabouardy/movies-parser
3 | COPY main.go go.mod .
4 | RUN go get -v
5 | RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app main.go
6 |
7 | FROM alpine:latest
8 | LABEL Maintainer mlabouardy
9 | RUN apk --no-cache add ca-certificates
10 | WORKDIR /root/
11 | COPY --from=0 /go/src/github.com/mlabouardy/movies-parser/app .
12 | CMD ["./app"]
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-store/Dockerfile.
File: /chapter7/microservices/movies-store/Dockerfile:1-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM node:14.17.0
2 |
3 | WORKDIR /app
4 |
5 | COPY package-lock.json package.json .
6 |
7 | RUN npm i --only=prod
8 |
9 | COPY index.js dao.js ./
10 |
11 | CMD npm start
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-store/Dockerfile.
File: /chapter7/microservices/movies-store/Dockerfile:1-11
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM node:14.17.0
2 |
3 | WORKDIR /app
4 |
5 | COPY package-lock.json package.json .
6 |
7 | RUN npm i --only=prod
8 |
9 | COPY index.js dao.js ./
10 |
11 | CMD npm start
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-marketplace/Dockerfile.test.
File: /chapter7/microservices/movies-marketplace/Dockerfile.test:1-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM node:14.0.0
2 |
3 | ENV CHROME_BIN=chromium
4 |
5 | WORKDIR /app
6 |
7 | RUN apt-get update && apt-get install -y chromium
8 |
9 | COPY package-lock.json .
10 | COPY package.json .
11 |
12 | RUN npm i && npm i -g @angular/cli
13 |
14 | COPY . .
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-marketplace/Dockerfile.test.
File: /chapter7/microservices/movies-marketplace/Dockerfile.test:1-14
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM node:14.0.0
2 |
3 | ENV CHROME_BIN=chromium
4 |
5 | WORKDIR /app
6 |
7 | RUN apt-get update && apt-get install -y chromium
8 |
9 | COPY package-lock.json .
10 | COPY package.json .
11 |
12 | RUN npm i && npm i -g @angular/cli
13 |
14 | COPY . .
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter12/functions/movies-loader/Dockerfile.test.
File: /chapter12/functions/movies-loader/Dockerfile.test:1-9
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM python:3.7.3
2 |
3 | WORKDIR /app
4 |
5 | COPY requirements.txt .
6 | RUN pip install -r requirements.txt
7 |
8 | COPY test_index.py .
9 | COPY movies.json .
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter12/functions/movies-loader/Dockerfile.test.
File: /chapter12/functions/movies-loader/Dockerfile.test:1-9
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM python:3.7.3
2 |
3 | WORKDIR /app
4 |
5 | COPY requirements.txt .
6 | RUN pip install -r requirements.txt
7 |
8 | COPY test_index.py .
9 | COPY movies.json .
Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
FAILED for resource: /chapter7/microservices/movies-loader/Dockerfile.
File: /chapter7/microservices/movies-loader/Dockerfile:1-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
1 | FROM python:3.7.3
2 | LABEL MAINTAINER mlabouardy
3 |
4 | WORKDIR /app
5 |
6 | COPY requirements.txt .
7 |
8 | RUN pip install -r requirements.txt
9 |
10 | COPY movies.json main.py ./
11 |
12 | CMD python main.py
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
FAILED for resource: /chapter7/microservices/movies-loader/Dockerfile.
File: /chapter7/microservices/movies-loader/Dockerfile:1-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
1 | FROM python:3.7.3
2 | LABEL MAINTAINER mlabouardy
3 |
4 | WORKDIR /app
5 |
6 | COPY requirements.txt .
7 |
8 | RUN pip install -r requirements.txt
9 |
10 | COPY movies.json main.py ./
11 |
12 | CMD python main.py
secrets scan results:
Passed checks: 0, Failed checks: 3, Skipped checks: 0
Check: CKV_SECRET_4: "Basic Auth Credentials"
FAILED for resource: dc76e9f0c0006e8f919e0c515c66dbba3982f785
File: /chapter11/deployment/kompose/movies-parser-deployment.yaml:33-34
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-4.html
33 | value: mongodb://r***:root@mongodb/watchlist?retryWrites=true&w=majority&poolSize=1
Check: CKV_SECRET_4: "Basic Auth Credentials"
FAILED for resource: dc76e9f0c0006e8f919e0c515c66dbba3982f785
File: /chapter11/deployment/kompose/movies-store-deployment.yaml:29-30
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-4.html
29 | value: mongodb://r***:root@mongodb/watchlist?retryWrites=true&w=majority&poolSize=1
Check: CKV_SECRET_4: "Basic Auth Credentials"
FAILED for resource: db14f0be31cd81032c6c58527fbda814390a43df
File: /chapter11/values.overriden.yaml:18-19
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-4.html
18 | uri: 'mongodb://wa*******:[email protected]/watchlist?retryWrites=true&w=majority&poolSize=1'
Linting
This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.
There is an opportunity to:
- Remediate the findings identified by one of the recommended Terraform linting tools