Audit the toolbox image #98
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Audit the toolbox image | |
| env: | |
| IMAGE_NAME: "righettod/toolbox-pentest-web" | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 0 * * 0" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install docker-slim | |
| run: | | |
| curl -L -o ds.tar.gz https://github.com/slimtoolkit/slim/releases/download/1.40.11/dist_linux.tar.gz | |
| tar -xvf ds.tar.gz | |
| mv dist_linux/slim /usr/local/bin/ | |
| mv dist_linux/slim-sensor /usr/local/bin/ | |
| slim version | |
| - name: Build the toolbox image | |
| run: | | |
| docker build . -t ${{ env.IMAGE_NAME }} --file Dockerfile | |
| - name: Apply docker-slim against the built toolbox image | |
| run: | | |
| slim build --http-probe-off ${{ env.IMAGE_NAME }} --entrypoint "/usr/bin/whoami" | |
| - name: List images | |
| run: | | |
| docker images | |
| - name: Scan the reduced toolbox image with Anchore | |
| uses: anchore/scan-action@v3 | |
| with: | |
| image: "${{ env.IMAGE_NAME }}.slim:latest" | |
| fail-build: false | |
| output-format: "sarif" | |
| - name: Upload Anchore scan SARIF report | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: "results.sarif" |