This repository was archived by the owner on Oct 14, 2020. It is now read-only.

Commit 9c96b03

Merge pull request #109 from secureCodeBox/update-docker-image-group
Publish Docker Images in regular Docker group
2 parents a68b475 + b415777 commit 9c96b03

Some content is hidden


63 files changed

+156
-99
lines changed

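--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -68,7 +68,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/operator
+repository: securecodebox/operator
 tag_with_ref: true
 tag_with_sha: true
 path: ./operator/
@@ -90,7 +90,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/lurcher
+repository: securecodebox/lurcher
 tag_with_ref: true
 tag_with_sha: true
 path: ./lurcher/
@@ -105,7 +105,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-sdk-nodejs
+repository: securecodebox/parser-sdk-nodejs
 path: ./parser-sdk/nodejs/
 tag_with_ref: true
 tag_with_sha: true
@@ -116,7 +116,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-amass
+repository: securecodebox/parser-amass
 path: ./scanners/amass/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -126,7 +126,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-kube-hunter
+repository: securecodebox/parser-kube-hunter
 path: ./scanners/kube-hunter/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -136,7 +136,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-ncrack
+repository: securecodebox/parser-ncrack
 path: ./scanners/ncrack/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -146,7 +146,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-nikto
+repository: securecodebox/parser-nikto
 path: ./scanners/nikto/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -156,7 +156,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-nmap
+repository: securecodebox/parser-nmap
 path: ./scanners/nmap/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -166,7 +166,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-ssh-scan
+repository: securecodebox/parser-ssh-scan
 path: ./scanners/ssh_scan/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -176,7 +176,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-sslyze
+repository: securecodebox/parser-sslyze
 path: ./scanners/sslyze/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -186,7 +186,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-test-scan
+repository: securecodebox/parser-test-scan
 path: ./scanners/test-scan/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -196,7 +196,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-trivy
+repository: securecodebox/parser-trivy
 path: ./scanners/trivy/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -206,7 +206,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-zap
+repository: securecodebox/parser-zap
 path: ./scanners/zap/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -216,7 +216,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/parser-wpscan
+repository: securecodebox/parser-wpscan
 path: ./scanners/wpscan/parser/
 tag_with_ref: true
 tag_with_sha: true
@@ -233,7 +233,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/hook-sdk-nodejs
+repository: securecodebox/hook-sdk-nodejs
 path: ./hook-sdk/nodejs/
 tag_with_ref: true
 tags: "ci-local"
@@ -243,7 +243,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/persistence-elastic
+repository: securecodebox/persistence-elastic
 path: ./hooks/persistence-elastic/
 tag_with_ref: true
 build_args: baseImageTag=ci-local
@@ -252,24 +252,25 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/persistence-elastic-dashboard-importer
+repository: securecodebox/persistence-elastic-dashboard-importer
 path: ./hooks/persistence-elastic/dashboardImporter/
 tag_with_ref: true
 - uses: docker/build-push-action@v1
 name: "Build & Push GenericWebhook Hook Image"
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/generic-webhook
+repository: securecodebox/generic-webhook
 path: ./hooks/generic-webhook/
 tag_with_ref: true
+tag_with_sha: true
 build_args: baseImageTag=ci-local
 - uses: docker/build-push-action@v1
 name: "Build & Push ImperativeSubsequentScans Hook Image"
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/hook-imperative-subsequent-scans
+repository: securecodebox/hook-imperative-subsequent-scans
 path: ./hooks/imperative-subsequent-scans/
 tag_with_ref: true
 build_args: baseImageTag=ci-local
@@ -278,7 +279,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/hook-declarative-subsequent-scans
+repository: securecodebox/hook-declarative-subsequent-scans
 path: ./hooks/declarative-subsequent-scans/
 tag_with_ref: true
 tag_with_sha: true
@@ -288,7 +289,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/update-field
+repository: securecodebox/update-field
 path: ./hooks/update-field/
 tag_with_ref: true
 tag_with_sha: true
@@ -304,7 +305,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/ncrack
+repository: securecodebox/scanner-ncrack
 path: ./scanners/ncrack/scanner/
 # Note: not prefixed with a "v" as this seems to match ncrack versioning standards
 tags: "0.7,latest"
@@ -313,7 +314,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/nmap
+repository: securecodebox/scanner-nmap
 path: ./scanners/nmap/scanner/
 # Note: not prefixed with a "v" as this seems to match nmap versioning standards
 tags: "7.80,7.80-2,latest"
@@ -322,7 +323,7 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/kube-hunter
+repository: securecodebox/scanner-kube-hunter
 path: ./scanners/kube-hunter/scanner/
 # Note: not prefixed with a "v" as this matches the aquasec/kube-hunter tags
 tags: "0.3.0,latest"
@@ -331,10 +332,11 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
-repository: scbexperimental/test-scan
+repository: securecodebox/scanner-test-scan
 path: ./scanners/test-scan/scanner/
 # Note: not prefixed with a "v" as this seems to match nmap versioning standards
-tags: "latest"
+tag_with_ref: true
+tag_with_sha: true
 integrationTests:
 name: "Test / Integration / k8s ${{ matrix.k8sVersion }}"
 needs:
@@ -396,15 +398,21 @@ jobs:
 --set="image.tag=sha-$(git rev-parse --short HEAD)" \
 --set="attribute.name=severity" \
 --set="attribute.value=high"
-helm -n integration-tests install test-scan ./scanners/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+helm -n integration-tests install test-scan ./scanners/test-scan/ \
+--set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+--set="image.tag=sha-$(git rev-parse --short HEAD)"
 cd tests/integration/
 npx jest --ci --color read-write-hook
 helm -n integration-tests uninstall test-scan update-category update-severity
 - name: "Hooks (ReadOnly) Integration Tests"
 run: |
-helm -n integration-tests install test-scan ./scanners/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+helm -n integration-tests install test-scan ./scanners/test-scan/ \
+--set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+--set="image.tag=sha-$(git rev-parse --short HEAD)"
 helm -n integration-tests install http-webhook ./demo-apps/http-webhook
-helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://http-webhook/hallo-welt"
+helm -n integration-tests install ro-hook ./hooks/generic-webhook/ \
+--set="webhookUrl=http://http-webhook/hallo-welt" \
+--set="image.tag=sha-$(git rev-parse --short HEAD)"
 cd tests/integration/
 npx jest --ci --color read-only-hook
 helm -n integration-tests uninstall test-scan http-webhook ro-hook
@@ -417,17 +425,23 @@ jobs:
 kubectl expose deployment nginx --port 80 --namespace demo-apps
 - name: "nmap Integration Tests"
 run: |
-helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+helm -n integration-tests install nmap ./scanners/nmap/ \
+--set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+--set="image.tag=7.80"
 cd tests/integration/
 npx jest --ci --color nmap
 - name: "ncrack Integration Tests"
 run: |
-helm -n integration-tests install ncrack ./scanners/ncrack/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+helm -n integration-tests install ncrack ./scanners/ncrack/ \
+--set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+--set="image.tag=0.7"
 cd tests/integration/
 npx jest --ci --color ncrack
 - name: "kube-hunter Integration Tests"
 run: |
-helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ \
+--set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+--set="image.tag=0.3.0"
 cd tests/integration/
 npx jest --ci --color kube-hunter
 - name: "ssh-scan Integration Tests"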
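Review bot: The scanner images `securecodebox/scanner-ncrack`, `scanner-nmap` and `scanner-kube-hunter` are still pushed only under fixed tags such as `tags: "7.80,7.80-2,latest"`, and the integration tests now install them with `--set="image.tag=7.80"` (likewise `0.7` and `0.3.0`), so each workflow run that reaches these steps rewrites a release-style tag in the regular Docker group and the tests pull whatever currently holds that tag, not provably this commit's build. Handle them the way this change already handles test-scan: add `tag_with_sha: true` beside the `tags:` entry and install with `--set="image.tag=sha-$(git rev-parse --short HEAD)"`. Whether the push steps are restricted to the main branch is not visible in these hunks; if they are not, a branch build can replace `latest` for consumers of the public images. The comment `# Note: not prefixed with a "v" as this seems to match nmap versioning standards` left above the new `tag_with_ref: true` in the test-scan step no longer describes anything and should be removed.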

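--- a/docs/user-guide/README.md
+++ b/docs/user-guide/README.md
@@ -33,7 +33,7 @@ The result should contain a hook for declarative subsequent scans.
 
 ```bash
 NAME TYPE IMAGE
-combined-scans-declarative-subsequent-scans ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+combined-scans-declarative-subsequent-scans ReadOnly docker.io/securecodebox/hook-declarative-subsequent-scans:latest
 ```
 
 ### Verify CascadingRules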

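--- a/hooks/declarative-subsequent-scans/Dockerfile
+++ b/hooks/declarative-subsequent-scans/Dockerfile
@@ -13,7 +13,7 @@ RUN npm ci
 COPY hook.ts scan-helpers.ts kubernetes-label-selector.ts ./
 RUN npm run build
 
-FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest}
+FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
 WORKDIR /home/app/hook-wrapper/hook/
 COPY --from=install --chown=app:app /home/app/node_modules/ ./node_modules/
 COPY --from=build --chown=app:app /home/app/hook.js /home/app/scan-helpers.js /home/app/kubernetes-label-selector.js ./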
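Review bot: The final stage `FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}` falls back to the mutable `latest` tag, so a build run without `--build-arg baseImageTag=…` takes whatever SDK image is currently published in the regular Docker group rather than a known version. With this namespace now serving as the release channel, a pinned default is safer, e.g. `ARG baseImageTag=<sdk-release-tag>` (placeholder value) with `FROM securecodebox/hook-sdk-nodejs:${baseImageTag}`, or a digest pin for release builds. The `ARG baseImageTag` declaration lies outside this hunk, and the same `FROM` line appears in hooks/generic-webhook/Dockerfile and in the last Dockerfile section shown for this commit.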

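--- a/hooks/declarative-subsequent-scans/README.md
+++ b/hooks/declarative-subsequent-scans/README.md
@@ -21,7 +21,7 @@ helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
 ```bash
 kubectl get ScanCompletionHooks
 NAME TYPE IMAGE
-dssh ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+dssh ReadOnly docker.io/securecodebox/hook-declarative-subsequent-scans:latest
 ```
 
 ## CascadingScan Rules
@@ -119,5 +119,5 @@ zap-http zap-baseline non-invasive medium
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| image.repository | string | `"docker.io/scbexperimental/hook-declarative-subsequent-scans"` | Hook image repository |
+| image.repository | string | `"docker.io/securecodebox/hook-declarative-subsequent-scans"` | Hook image repository |
 | image.tag | string | `nil` | |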

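--- a/hooks/declarative-subsequent-scans/README.md.gotmpl
+++ b/hooks/declarative-subsequent-scans/README.md.gotmpl
@@ -21,7 +21,7 @@ helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
 ```bash
 kubectl get ScanCompletionHooks
 NAME TYPE IMAGE
-dssh ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+dssh ReadOnly docker.io/securecodebox/hook-declarative-subsequent-scans:latest
 ```
 
 ## CascadingScan Rules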

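--- a/hooks/declarative-subsequent-scans/values.yaml
+++ b/hooks/declarative-subsequent-scans/values.yaml
@@ -3,8 +3,9 @@
 # Declare variables to be passed into your templates.
 
 image:
+# image.tag - defaults to the charts version
 # image.repository -- Hook image repository
-repository: docker.io/scbexperimental/hook-declarative-subsequent-scans
+repository: docker.io/securecodebox/hook-declarative-subsequent-scans
 # parserImage.tag -- Parser image tag
 # @default -- defaults to the charts version
 tag: null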
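Review bot: The added comment `# image.tag - defaults to the charts version` sits above `repository:` and uses a single dash, while the comment directly attached to `tag: null` still reads `# parserImage.tag -- Parser image tag`; the README table in this commit accordingly lists `image.tag` with an empty description. Replace both with one comment immediately above `tag:`, `# image.tag -- Hook image tag`, followed by the existing `# @default -- defaults to the charts version`. hooks/generic-webhook/values.yaml has the same comment layout. Operators rely on this documented default to know which image tag a chart install will pull.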

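--- a/hooks/generic-webhook/Dockerfile
+++ b/hooks/generic-webhook/Dockerfile
@@ -5,7 +5,7 @@ WORKDIR /home/app
 COPY package.json package-lock.json ./
 RUN npm ci --production
 
-FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest}
+FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
 WORKDIR /home/app/hook-wrapper/hook/
 COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
 COPY --chown=app:app ./hook.js ./hook.js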

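--- a/hooks/generic-webhook/README.md
+++ b/hooks/generic-webhook/README.md
@@ -22,6 +22,6 @@ helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://exa
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| image.repository | string | `"docker.io/scbexperimental/generic-webhook"` | Hook image repository |
+| image.repository | string | `"docker.io/securecodebox/generic-webhook"` | Hook image repository |
 | image.tag | string | `nil` | |
 | webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint |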

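--- a/hooks/generic-webhook/values.yaml
+++ b/hooks/generic-webhook/values.yaml
@@ -6,8 +6,9 @@
 webhookUrl: "http://example.com"
 
 image:
+# image.tag - defaults to the charts version
 # image.repository -- Hook image repository
-repository: docker.io/scbexperimental/generic-webhook
+repository: docker.io/securecodebox/generic-webhook
 # parserImage.tag -- Parser image tag
 # @default -- defaults to the charts version
 tag: null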
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
# This image doesn't install the hooks dependencies, as it only has the @kubernetes/client-node dependencies which is already installed via the hook-sdk
22

33
ARG baseImageTag
4-
FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest}
4+
FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
55
WORKDIR /home/app/hook-wrapper/hook/
66
COPY --chown=app:app hook.js scan-helpers.js ./
