bth-dipt-teaching/pa2588-devsecops-container-security

PA2588 DevSecOps: Playground for Container Security

This is part of the course DevSecOps. You will cover two aspects of container security.

Preparation

  1. Click on Use this template to create a new repository in your GitHub account (don't fork it), and make sure to set the visibility to "Public".
  2. The GitHub actions should run automatically and be green.

1. Scanning the Image

  1. In .github/workflows/docker-image.yml, uncomment the block labeled "Version 1" to enable Trivy.
    • After the next successful run of the GitHub actions, you should now see hundreds of security issues being reported.
  2. In Dockerfile, change the base image to the "slim" version.
    • After the next successful run of the GitHub actions, you should now see 90% of the security issues being closed.
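
To check locally which findings the base-image change actually closed, the following added example (not part of this repository) compares two Trivy JSON reports, such as those written by `trivy image --format json --output full.json <image>`. The sample reports, package names and CVE identifiers are constructed placeholders; the helper names are hypothetical.

```python
import json
from collections import Counter

def findings(report):
    """Set of (vulnerability id, package, severity) in one Trivy JSON report."""
    out = set()
    for result in report.get("Results", []):
        # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets.
        for v in result.get("Vulnerabilities") or []:
            out.add((v["VulnerabilityID"], v["PkgName"], v.get("Severity", "UNKNOWN")))
    return out

def compare(before, after):
    """Summarise what changed between two scans of the same application."""
    old, new = findings(before), findings(after)
    closed = old - new
    return {
        "closed": closed,
        "introduced": new - old,   # findings only the new image has
        "remaining": old & new,    # not fixed by the base-image change
        "closed_pct": round(100.0 * len(closed) / len(old), 1) if old else 0.0,
        "closed_by_severity": Counter(sev for _, _, sev in closed),
    }

def _vuln(n, pkg, sev):
    # Constructed placeholder finding, not a real CVE.
    return {"VulnerabilityID": f"CVE-0000-{n:04d}", "PkgName": pkg, "Severity": sev}

# Constructed sample: full base image with nine OS-package findings and one
# application-dependency finding.
FULL = {"Results": [
    {"Target": "app (debian)", "Vulnerabilities":
        [_vuln(i, "libexample", "HIGH" if i < 3 else "LOW") for i in range(1, 10)]},
    {"Target": "requirements.txt",
     "Vulnerabilities": [_vuln(10, "examplepkg", "CRITICAL")]},
]}
# Constructed sample: slim base image, OS packages clean, dependency unchanged.
SLIM = {"Results": [
    {"Target": "app (debian)", "Vulnerabilities": None},
    {"Target": "requirements.txt",
     "Vulnerabilities": [_vuln(10, "examplepkg", "CRITICAL")]},
]}

if __name__ == "__main__":
    summary = compare(FULL, SLIM)
    print(f"closed {len(summary['closed'])} findings ({summary['closed_pct']}%)")
    print("closed by severity:", dict(summary["closed_by_severity"]))
    for vid, pkg, sev in sorted(summary["remaining"]):
        print(f"still open: {vid} in {pkg} [{sev}]")
```

Findings listed as still open come from packages the application installs itself, so a smaller base image does not remove them.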

2. Signing the Image

  1. In .github/workflows/docker-image.yml, uncomment the block labeled "Version 2" to enable Signing the Docker Image.
    • After the next successful run of the GitHub actions, you should now see that the built package is signed.