Skip to content

Add twistlock scan #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Add twistlock scan #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
bffc53c
adding in yaml for Twistlock scanning build step
dustinvanbuskirk Apr 2, 2018
547e4b2
adding Twistlock scan to fullpipeline
dustinvanbuskirk Apr 2, 2018
4d00608
updating the build step name
dustinvanbuskirk Apr 2, 2018
416a3e7
not using thresholds for demo
dustinvanbuskirk Apr 2, 2018
aab4d96
CF-5100 updating title of build step
dustinvanbuskirk Apr 3, 2018
2e6e478
using sctechdev
dustinvanbuskirk Apr 24, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions codefresh.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,46 @@ steps:
test:
image: '${{build_step}}'
command: npm test

TwistlockScanImage:
type: composition
composition:
version: '2'
services:
targetimage:
image: ${{build_step}} # Must be the Docker build step name
command: sh -c "exit 0"
labels:
build.image.id: ${{CF_BUILD_ID}} # Provides a lookup for the composition
composition_candidates:
scan_service:
image: codefresh/docker-twistcli:latest # Recommend replacing with current Twistlock Console version
environment: # Add only the Environment Variables you need
- CODEFRESH_CLI_KEY=${{CODEFRESH_CLI_KEY}} # Required
- CONSOLE_HOSTNAME=${{CONSOLE_HOSTNAME}} # Required
- CONSOLE_PORT=${{CONSOLE_PORT}} # Required
- CONSOLE_USERNAME=${{CONSOLE_USERNAME}} # Required
- CONSOLE_PASSWORD=${{CONSOLE_PASSWORD}} # Required
- DETAILS=true
command: python /twistlock-cli.py "docker inspect $$(docker inspect $$(docker ps -aqf label=build.image.id=${{CF_BUILD_ID}}) -f {{.Config.Image}}) -f {{.Id}} | sed 's/sha256://g'"
depends_on:
- targetimage
volumes: # Volumes required to run DIND
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
add_flow_volume_to_composition: true
on_success: # Execute only once the step succeeded
metadata: # Declare the metadata attribute
set: # Specify the set operation
- ${{build_step.imageId}}: # Select any number of target images
- SECURITY_SCAN: true

on_fail: # Execute only once the step failed
metadata: # Declare the metadata attribute
set: # Specify the set operation
- ${{build_step.imageId}}: # Select any number of target images
- SECURITY_SCAN: false

push_to_registry:
title: Push To Registry
type: push
Expand Down
51 changes: 45 additions & 6 deletions fullpipeline.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ steps:
title: Running Unit Tests
image: '${{BuildingDockerImage}}'
working_directory: IMAGE_WORK_DIR
commands:
commands:
- bash unit_test.sh
on_success:
metadata:
Expand All @@ -22,7 +22,7 @@ steps:
metadata:
set:
- '${{BuildingDockerImage.imageId}}':
- CF_QUALITY: false
- CF_QUALITY: false
RunningPerformanceTests:
title: Running Performance Tests
type: composition
Expand All @@ -41,14 +41,14 @@ steps:
command: bash runtests
environment:
- CF_VOLUME_PATH=${{CF_VOLUME_PATH}}
- TOKEN=${{TOKEN}}
- TOKEN=${{TOKEN}}
volumes:
- '${{CF_VOLUME_NAME}}:/codefresh/volume'
add_flow_volume_to_composition: true
when:
condition:
all:
testresults: '"${{FAIL}}" == "0"'
testresults: '"${{FAIL}}" == "0"'
on_success:
metadata:
set:
Expand All @@ -60,6 +60,45 @@ steps:
set:
- '${{BuildingDockerImage.imageId}}':
- CF_QUALITY: false
TwistlockScanImage:
title: Running Twistlock Security Tests
type: composition
composition:
version: '2'
services:
targetimage:
image: ${{BuildingDockerImage}} # Must be the Docker build step name
command: sh -c "exit 0"
labels:
build.image.id: ${{CF_BUILD_ID}} # Provides a lookup for the composition
composition_candidates:
scan_service:
image: sctechdev/docker-twistcli:latest # Recommend replacing with current Twistlock Console version
environment: # Add only the Environment Variables you need
- CODEFRESH_CLI_KEY=${{CODEFRESH_CLI_KEY}} # Required
- CONSOLE_HOSTNAME=${{CONSOLE_HOSTNAME}} # Required
- CONSOLE_PORT=${{CONSOLE_PORT}} # Required
- CONSOLE_USERNAME=${{CONSOLE_USERNAME}} # Required
- CONSOLE_PASSWORD=${{CONSOLE_PASSWORD}} # Required
- DETAILS=true
command: python /twistlock-cli.py "docker inspect $$(docker inspect $$(docker ps -aqf label=build.image.id=${{CF_BUILD_ID}}) -f {{.Config.Image}}) -f {{.Id}} | sed 's/sha256://g'"
depends_on:
- targetimage
volumes: # Volumes required to run DIND
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
add_flow_volume_to_composition: true
on_success: # Execute only once the step succeeded
metadata: # Declare the metadata attribute
set: # Specify the set operation
- ${{BuildingDockerImage.imageId}}: # Select any number of target images
- SECURITY_SCAN: true

on_fail: # Execute only once the step failed
metadata: # Declare the metadata attribute
set: # Specify the set operation
- ${{BuildingDockerImage.imageId}}: # Select any number of target images
- SECURITY_SCAN: false
add_jira_info:
title: Parsing jira Commit
image: r.cfcr.io/razielt77_github/containers101/annotator:master
Expand Down Expand Up @@ -96,7 +135,7 @@ steps:
when:
condition:
all:
testresults: '"${{FAIL}}" == "1"'
testresults: '"${{FAIL}}" == "1"'
passfail:
title: failed
image: alpine
Expand All @@ -108,4 +147,4 @@ steps:
set:
- '${{BuildingDockerImage.imageId}}':
- CF_QUALITY: false