feat: add examples for dockerfile and kubernetes checks #300

wants to merge 6 commits into
base: main
1 change: 1 addition & 0 deletions checks/docker/add_instead_of_copy.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/add_instead_of_copy.yaml
package builtin.dockerfile.DS005

import data.lib.docker
Expand Down
12 changes: 12 additions & 0 deletions checks/docker/add_instead_of_copy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
dockerfile:
good:
- |-
FROM alpine:3.13
USER mike
ADD "/target/resources.tar.gz" "resources"
bad:
- |-
FROM alpine:3.13
USER mike
ADD "/target/resources.tar.gz" "resources.jar"
ADD "/target/app.jar" "app.jar"
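Review bot: In the bad example of add_instead_of_copy.yaml, the first line `ADD "/target/resources.tar.gz" "resources.jar"` has a tar.gz source, the same archive pattern the good example presents as acceptable, so only the `app.jar` line should yield a finding and a reader cannot tell that from the file. Dropping that line, or replacing it with a plain `COPY`, would make the fixture pin exactly one violation: `ADD "/target/app.jar" "app.jar"`. That archive sources are exempt is inferred from the good example, not visible in the rule itself here.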
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/apt_get_missing_yes_flag_to_avoid_manual_input.yaml
package builtin.dockerfile.DS021

import data.lib.docker
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
dockerfile:
good:
- |-
FROM node:12
USER mike
RUN apt-get -fmy install apt-utils && apt-get clean
bad:
- |-
FROM node:12
USER mike
RUN apt-get install apt-utils && apt-get clean
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/copy_from_references_current_from_alias.yaml
package builtin.dockerfile.DS006

import data.lib.docker
Expand Down
17 changes: 17 additions & 0 deletions checks/docker/copy_from_references_current_from_alias.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
dockerfile:
good:
- |-
FROM golang:1.7.3 as dep
COPY /binary /

FROM alpine:3.13
USER mike
ENTRYPOINT [ "/opt/app/run.sh --port 8080" ]
bad:
- |-
FROM golang:1.7.3 as dep
COPY --from=dep /binary /

FROM alpine:3.13
USER mike
ENTRYPOINT [ "/opt/app/run.sh --port 8080" ]
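Review bot: The good example in copy_from_references_current_from_alias.yaml removes `--from` altogether rather than showing a correct cross-stage copy, so it never demonstrates the form the check wants to allow. Consider keeping `COPY /binary /` in the `dep` stage and adding `COPY --from=dep /binary /` to the `alpine` stage, so the good and bad files differ only in which stage the `--from=dep` appears in. Whether the check accepts a `--from` that names an earlier stage is inferred from the rule name, not from anything visible in this PR.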
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/copy_with_more_than_two_arguments_not_ending_with_slash.yaml
package builtin.dockerfile.DS011

import data.lib.docker
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
dockerfile:
good:
- |-
FROM alpine:3.13
USER mike
COPY ["package.json", "yarn.lock", "myapp/"]
bad:
- |-
FROM alpine:3.13
USER mike
COPY ["package.json", "yarn.lock", "myapp"]
1 change: 1 addition & 0 deletions checks/docker/latest_tag.rego
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/latest_tag.yaml
package builtin.dockerfile.DS001

import data.lib.docker
Expand Down
11 changes: 11 additions & 0 deletions checks/docker/latest_tag.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
dockerfile:
good:
- |-
FROM debian:9
RUN apt-get update && apt-get -y install vim && apt-get clean
USER foo
bad:
- |-
FROM debian:latest
RUN apt-get update && apt-get -y install vim && apt-get clean
USER foo
1 change: 1 addition & 0 deletions checks/docker/maintainer_is_deprecated.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/maintainer_is_deprecated.yaml
package builtin.dockerfile.DS022

import data.lib.docker
Expand Down
10 changes: 10 additions & 0 deletions checks/docker/maintainer_is_deprecated.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
dockerfile:
good:
- |-
FROM busybox:1.33.1
USER mike
bad:
- |-
FROM busybox:1.33.1
USER mike
MAINTAINER Lukas Martinelli <[email protected]>
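Review bot: The good example in maintainer_is_deprecated.yaml only omits `MAINTAINER`; it does not show the replacement, so the pair does not teach the fix. Adding the recommended form to the good block, e.g. `LABEL maintainer="<name> <email>"` (values constructed), would make the fixture self-explanatory and would also confirm the check stays silent on a LABEL.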
1 change: 1 addition & 0 deletions checks/docker/missing_dnf_clean_all.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/missing_dnf_clean_all.yaml
package builtin.dockerfile.DS019

import data.lib.docker
Expand Down
13 changes: 13 additions & 0 deletions checks/docker/missing_dnf_clean_all.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
dockerfile:
good:
- |-
FROM fedora:27
USER mike
RUN set -uex && dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && sed -i 's/\\$releasever/26/g' /etc/yum.repos.d/docker-ce.repo && dnf install -vy docker-ce && dnf clean all
HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
bad:
- |-
FROM fedora:27
USER mike
RUN set -uex && dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && sed -i 's/\\$releasever/26/g' /etc/yum.repos.d/docker-ce.repo && dnf install -vy docker-ce
HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
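Review bot: The good/bad pair in missing_dnf_clean_all.yaml differs only in the trailing `&& dnf clean all`, but that difference sits at the end of a long RUN line carrying an unrelated `dnf config-manager`, a `sed` and a HEALTHCHECK, which obscures what the check is about. A minimal pair such as `RUN dnf install -y docker-ce && dnf clean all` versus `RUN dnf install -y docker-ce` would show the violation at a glance. The `sed -i 's/\\$releasever/26/g'` fragment also looks off: inside a `|-` block scalar YAML does not process escapes, so the Dockerfile receives the doubled backslash literally; harmless for the lint fixture, but not something to copy into a real Dockerfile.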
1 change: 1 addition & 0 deletions checks/docker/missing_zypper_clean.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/missing_zypper_clean.yaml
package builtin.dockerfile.DS020

import data.lib.docker
Expand Down
15 changes: 15 additions & 0 deletions checks/docker/missing_zypper_clean.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
dockerfile:
good:
- |-
FROM alpine:3.5
RUN zypper install bash && zypper clean
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
USER mike
CMD python /usr/src/app/app.py
bad:
- |-
FROM alpine:3.5
RUN zypper install bash
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
USER mike
CMD python /usr/src/app/app.py
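Review bot: missing_zypper_clean.yaml uses `FROM alpine:3.5` for a zypper example; Alpine does not ship zypper, so the fixture describes an image that cannot be built as written and muddles the check's intent. An openSUSE-based image, e.g. `FROM opensuse/leap:15.3`, would make the example coherent. Separately, `RUN zypper install bash` runs without `--non-interactive`; if the project has a yes-flag check for zypper as it does for apt-get (DS021 in this PR), the bad block may trip two checks at once.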
1 change: 1 addition & 0 deletions checks/docker/multiple_cmd_instructions_listed.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/multiple_cmd_instructions_listed.yaml
package builtin.dockerfile.DS016

import data.lib.docker
Expand Down
16 changes: 16 additions & 0 deletions checks/docker/multiple_cmd_instructions_listed.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
dockerfile:
good:
- |-
FROM golang:1.7.3
USER mike
CMD ./apps
FROM alpine:3.13
CMD ./app
bad:
- |-
FROM golang:1.7.3
USER mike
CMD ./app
CMD ./apps
FROM alpine:3.13
CMD ./app
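Review bot: The good example in multiple_cmd_instructions_listed.yaml relies on the check counting CMD per build stage (one CMD in each of two stages passes), but nothing in the file says so, and a reader may take the two CMDs as a violation. A Dockerfile comment inside the block scalar, e.g. `# one CMD per stage is allowed`, placed above the second `FROM`, would document the intended semantics. The same applies to multiple_healthcheck_instructions.yaml, whose good example has one HEALTHCHECK in each of two stages. That the check is per-stage is inferred from these examples, not visible in the rule text in this PR.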
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/multiple_entrypoint_instructions_listed.yaml
package builtin.dockerfile.DS007

import data.lib.docker
Expand Down
19 changes: 19 additions & 0 deletions checks/docker/multiple_entrypoint_instructions_listed.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
dockerfile:
good:
- |-
FROM golang:1.7.3 as dep
COPY /binary /

FROM alpine:3.13
USER mike
ENTRYPOINT [ "/opt/app/run.sh --port 8080" ]
bad:
- |-
FROM golang:1.7.3 as dep
COPY dep /binary /
ENTRYPOINT [ "/opt/app/run.sh --port 8080" ]
ENTRYPOINT [ "/opt/app/run.sh --port 8080" ]

FROM alpine:3.13
USER mike
ENTRYPOINT [ "/opt/app/run.sh --port 8080" ]
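Review bot: In the bad example of multiple_entrypoint_instructions_listed.yaml, `COPY dep /binary /` looks like a mangled `COPY --from=dep /binary /`: it copies a path literally named `dep` plus `/binary` into `/`, and it differs from the good example's `COPY /binary /` for no reason connected to ENTRYPOINT. Making it `COPY /binary /` keeps the pair differing only in the duplicated ENTRYPOINT, so a reader (and any test expecting exactly one finding) sees only the DS007 violation. The good example of copy_from_references_current_from_alias.yaml in this PR already uses that `COPY /binary /` form.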
1 change: 1 addition & 0 deletions checks/docker/multiple_healthcheck_instructions.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/multiple_healthcheck_instructions.yaml
package builtin.dockerfile.DS023

import data.lib.docker
Expand Down
20 changes: 20 additions & 0 deletions checks/docker/multiple_healthcheck_instructions.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
dockerfile:
good:
- |-
FROM busybox:1.33.1
HEALTHCHECK CMD /bin/healthcheck

FROM alpine:3.13
HEALTHCHECK CMD /bin/healthcheck
USER mike
CMD ./app
bad:
- |-
FROM busybox:1.33.1
HEALTHCHECK CMD curl http://localhost:8080
HEALTHCHECK CMD /bin/healthcheck

FROM alpine:3.13
HEALTHCHECK CMD /bin/healthcheck
USER mike
CMD ./app
1 change: 1 addition & 0 deletions checks/docker/port22.rego
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/port22.yaml
package builtin.dockerfile.DS004

import data.lib.docker
Expand Down
11 changes: 11 additions & 0 deletions checks/docker/port22.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
dockerfile:
good:
- |-
FROM alpine:3.13
USER mike
EXPOSE 8080
bad:
- |-
FROM alpine:3.13
USER mike
EXPOSE 22
1 change: 1 addition & 0 deletions checks/docker/root_user.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/root_user.yaml
package builtin.dockerfile.DS002

import data.lib.docker
Expand Down
10 changes: 10 additions & 0 deletions checks/docker/root_user.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
dockerfile:
good:
- |-
FROM debian:9
RUN apt-get update && apt-get -y install vim && apt-get clean
USER foo
bad:
- |-
FROM debian:9
RUN apt-get update && apt-get -y install vim && apt-get clean
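Review bot: root_user.yaml's bad example only exercises the missing-USER case; if DS002 also flags an explicit `USER root` (not visible from this PR), a second bad entry ending in `USER root` would cover that form and document that both are violations. The good example's `USER foo` has no matching user creation, which is fine for a lint fixture, but a short comment such as `# user must exist in the image` would keep readers from copying it verbatim.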
1 change: 1 addition & 0 deletions checks/docker/run_apt_get_dist_upgrade.rego
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/run_apt_get_dist_upgrade.yaml
package builtin.dockerfile.DS024

import data.lib.docker
Expand Down
13 changes: 13 additions & 0 deletions checks/docker/run_apt_get_dist_upgrade.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
dockerfile:
good:
- |-
FROM debian:9.13
RUN apt-get update && apt-get install -y curl && apt-get clean
USER mike
CMD python /usr/src/app/app.py
bad:
- |-
FROM debian:9.13
RUN apt-get update && apt-get dist-upgrade && apt-get -y install curl && apt-get clean
USER mike
CMD python /usr/src/app/app.py
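Review bot: The bad example in run_apt_get_dist_upgrade.yaml runs `apt-get dist-upgrade` without `-y`, so it also violates the apt-get yes-flag check whose example is added in this same PR (DS021), and the fixture may yield two findings where only DS024 is intended. Writing it as `apt-get dist-upgrade -y` isolates the dist-upgrade violation. The good example's `apt-get install -y curl` already carries the flag, so the pair would then differ in a single token.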
1 change: 1 addition & 0 deletions checks/docker/run_command_cd_instead_of_workdir.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/run_command_cd_instead_of_workdir.yaml
package builtin.dockerfile.DS013

import data.lib.docker
Expand Down
13 changes: 13 additions & 0 deletions checks/docker/run_command_cd_instead_of_workdir.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
dockerfile:
good:
- |-
FROM nginx:2.2
WORKDIR /usr/share/nginx/html
USER mike
CMD cd /usr/share/nginx/html && sed -e s/Docker/\"$AUTHOR\"/ Hello_docker.html > index.html ; nginx -g 'daemon off;'
bad:
- |-
FROM nginx:2.2
RUN cd /usr/share/nginx/html
USER mike
CMD cd /usr/share/nginx/html && sed -e s/Docker/\"$AUTHOR\"/ Hello_docker.html > index.html ; nginx -g 'daemon off;'
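Review bot: Both blocks in run_command_cd_instead_of_workdir.yaml keep `cd /usr/share/nginx/html` inside the CMD, so the file implicitly asserts that the check targets only RUN; that is worth stating, because a reader may expect the CMD to be flagged as well. A Dockerfile comment above the CMD, e.g. `# cd inside CMD is not flagged; the check targets RUN`, would make that explicit, assuming that is indeed the rule's scope (not visible here). The `sed -e s/Docker/\"$AUTHOR\"/` fragment is unrelated to the check and could be trimmed to keep the pair minimal.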
1 change: 1 addition & 0 deletions checks/docker/run_using_sudo.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/run_using_sudo.yaml
package builtin.dockerfile.DS010

import data.lib.docker
Expand Down
11 changes: 11 additions & 0 deletions checks/docker/run_using_sudo.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
dockerfile:
good:
- |-
FROM alpine:3.13
RUN pip install --upgrade pip
USER mike
bad:
- |-
FROM alpine:3.13
RUN sudo pip install --upgrade pip
USER mike
1 change: 1 addition & 0 deletions checks/docker/run_using_wget_and_curl.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/run_using_wget_and_curl.yaml
package builtin.dockerfile.DS014

import data.lib.docker
Expand Down
19 changes: 19 additions & 0 deletions checks/docker/run_using_wget_and_curl.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
dockerfile:
good:
- |-
FROM debian:stable-20210621
RUN curl http://bing.com
RUN curl http://google.com

FROM baseimage:1.0
USER mike
RUN curl http://bing.com
bad:
- |-
FROM debian:stable-20210621
RUN wget http://bing.com
RUN curl http://google.com

FROM baseimage:1.0
USER mike
RUN curl http://bing.com
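Review bot: The commands in run_using_wget_and_curl.yaml fetch `http://bing.com` and `http://google.com` over plain HTTP; example files tend to be copied, so they should model `https://` URLs even though the check only looks at which tool is used. Also, the bad block differs from the good one only in the first stage (`wget` alongside `curl`), while the second stage uses curl alone; if the check compares tools across all stages rather than within a stage (not visible here), a comment stating that scope would help readers.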
1 change: 1 addition & 0 deletions checks/docker/same_alias_in_different_froms.rego
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
# input:
# selector:
# - type: dockerfile
# examples: checks/docker/same_alias_in_different_froms.yaml
package builtin.dockerfile.DS012

import data.lib.docker
Expand Down